mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use less stack.

Browse Source 
GCC has two warnings related to large stack frames.  We were already
using the -Wframe-larger-than warning, but this reduces the threshold
from 10000 to 5000 bytes.

However that warning only covers the static part of frames (not
alloca).  So this change also enables -Wstack-usage=10000 which covers
both the static and dynamic usage (alloca and variable length arrays).

Multiple changes are made throughout the code to reduce frames to fit
within these new limits.

Note that stack allocation of large strings can be a security issue.
For example, we had code like:

 size_t len = strlen (fs->windows_systemroot) + 64;
 char software[len];
 snprintf (software, len, "%s/system32/config/software",
           fs->windows_systemroot);

where fs->windows_systemroot is guest controlled.  It's not clear what
the effects might be of allowing the guest to allocate potentially
very large stack frames, but at best it allows the guest to cause
libguestfs to segfault.  It turns out we are very lucky that
fs->windows_systemroot cannot be set arbitrarily large (see checks in
is_systemroot).

This commit changes those to large heap allocations instead.
This commit is contained in:
Richard W.M. Jones
2016-03-06 18:37:40 +00:00
parent 8ed6435f04
commit 07c496c53c
52 changed files with 507 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
daemon/tar.c
View File

@@ -45,12 +45,17 @@ optgroup_xz_available (void)
static int
is_chown_supported (const char *dir)
{
size_t len = sysroot_len + strlen (dir) + 64;
char buf[len];
CLEANUP_FREE char *buf = NULL;
int fd, r, err, saved_errno;
/* Create a randomly named file. */
snprintf (buf, len, "%s%s/XXXXXXXX.XXX", sysroot, dir);
if (asprintf (&buf, "%s%s/XXXXXXXX.XXX", sysroot, dir) == -1) {
err = errno;
r = cancel_receive ();
errno = err;
reply_with_perror ("asprintf");
return -1;
}
if (random_name (buf) == -1) {
err = errno;
r = cancel_receive ();
@@ -332,7 +337,13 @@ do_tar_out (const char *dir, const char *compress, int numericowner,
FILE *fp;
CLEANUP_UNLINK_FREE char *exclude_from_file = NULL;
CLEANUP_FREE char *cmd = NULL;
char buffer[GUESTFS_MAX_CHUNK_SIZE];
CLEANUP_FREE char *buffer = NULL;
buffer = malloc (GUESTFS_MAX_CHUNK_SIZE);
if (buffer == NULL) {
reply_with_perror ("malloc");
return -1;
}
if ((optargs_bitmask & GUESTFS_TAR_OUT_COMPRESS_BITMASK)) {
if (STREQ (compress, "compress"))
@@ -416,7 +427,7 @@ do_tar_out (const char *dir, const char *compress, int numericowner,
*/
reply (NULL, NULL);
while ((r = fread (buffer, 1, sizeof buffer, fp)) > 0) {
while ((r = fread (buffer, 1, GUESTFS_MAX_CHUNK_SIZE, fp)) > 0) {
if (send_file_write (buffer, r) < 0) {
pclose (fp);
return -1;