[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-trivial] [Qemu-devel] [PATCH v2] fsdev/virtfs-proxy-helper: Fi
From: |
Aneesh Kumar K.V |
Subject: |
Re: [Qemu-trivial] [Qemu-devel] [PATCH v2] fsdev/virtfs-proxy-helper: Fix possible overflow |
Date: |
Mon, 30 Mar 2015 19:33:33 +0530 |
User-agent: |
Notmuch/0.19+30~gd241a48 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu) |
Stefan Hajnoczi <address@hidden> writes:
> On Sat, Mar 14, 2015 at 10:00:16AM +0800, Shannon Zhao wrote:
>> It's detected by coverity. As max of sockaddr_un.sun_path is
>> sizeof(helper.sun_path), should check the length of source
>> and use strncpy instead of strcpy.
>>
>> Signed-off-by: Shannon Zhao <address@hidden>
>> Signed-off-by: Shannon Zhao <address@hidden>
>> ---
>> v1->v2: Still use strcpy [Paolo]
>> ---
>> fsdev/virtfs-proxy-helper.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
>> index bf2e5f3..13fe032 100644
>> --- a/fsdev/virtfs-proxy-helper.c
>> +++ b/fsdev/virtfs-proxy-helper.c
>> @@ -738,6 +738,7 @@ static int proxy_socket(const char *path, uid_t uid,
>> gid_t gid)
>> return -1;
>> }
>>
>> + g_assert(strlen(path) < sizeof(proxy.sun_path));
>> sock = socket(AF_UNIX, SOCK_STREAM, 0);
>
> path is user input. While the assertion check silences Coverity, it is
> not suitable for input validation. Users expect a graceful exit with an
> error message, not an assertion failure if the given path is too long.
>
> I will send a patch.
That is the proxy helper. The assert will cause an exit() which is good,
isn't it ? I did update the qemu side of the patch to do a graceful exit
-aneesh