qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] qga: check length of command-line & environment

From: P J P
Subject: Re: [Qemu-devel] [PATCH] qga: check length of command-line & environment variables
Date: Fri, 11 Jan 2019 15:22:51 +0530 (IST) 
+-- On Mon, 7 Jan 2019, P J P wrote --+
| Qemu guest agent while executing user commands does not seem to
| check length of argument list and/or environment variables passed.
| It may lead to integer overflow or infinite loop issues. Add check
| to avoid it.
| 
| -    size_t str_size = 1;
| +    size_t str_size = 1, args_max;
|  
| +    args_max = sysconf(_SC_ARG_MAX);

Looks like sysconf()/_SC_ARG_MAX declarations aren't available. Is it okay to 
include header <unistd.h> ?

===
diff --git a/qga/commands.c b/qga/commands.c
--- a/qga/commands.c
+++ b/qga/commands.c
@@ -18,6 +18,7 @@
 #include "qemu/atomic.h"
+#include <unistd.h>
===

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
reply via email to
[Prev in Thread] Current Thread [Next in Thread]