mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

launch: appliance: Handle non-\0 terminated buffer correctly.

Browse Source 
The read_all function is used as a callback for

  guestfs___cmd_set_stdout_callback (cmd, read_all, [str],
                                     CMD_STDOUT_FLAG_WHOLE_BUFFER);

As noted in the documentation for CMD_STDOUT_FLAG_WHOLE_BUFFER, the
buffer returned is not \0-terminated, and so using memdup will create
an unterminated string, and therefore potentially a memory overrun
when reading or searching the string.

Use strndup instead so the final string is \0-terminated.
This commit is contained in:
Richard W.M. Jones
2012-11-24 14:17:35 +00:00
parent aeea803ad0
commit a4c0d7a82a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/launch-appliance.c
View File

@@ -771,7 +771,7 @@ read_all (guestfs_h *g, void *retv, const char *buf, size_t len)
{
char **ret = retv;
*ret = safe_memdup (g, buf, len);
*ret = safe_strndup (g, buf, len);
}
/* Test if option is supported by qemu command line (just by grepping