qemu-trivial
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-trivial] [Qemu-devel] [PATCH v2] fsdev/virtfs-proxy-helper: Fi


From: Aneesh Kumar K.V
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH v2] fsdev/virtfs-proxy-helper: Fix possible overflow
Date: Mon, 30 Mar 2015 19:33:33 +0530
User-agent: Notmuch/0.19+30~gd241a48 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)

Stefan Hajnoczi <address@hidden> writes:

> On Sat, Mar 14, 2015 at 10:00:16AM +0800, Shannon Zhao wrote:
>> It's detected by coverity. As max of sockaddr_un.sun_path is
>> sizeof(helper.sun_path), should check the length of source
>> and use strncpy instead of strcpy.
>> 
>> Signed-off-by: Shannon Zhao <address@hidden>
>> Signed-off-by: Shannon Zhao <address@hidden>
>> ---
>>     v1->v2: Still use strcpy [Paolo]
>> ---
>>  fsdev/virtfs-proxy-helper.c | 1 +
>>  1 file changed, 1 insertion(+)
>> 
>> diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
>> index bf2e5f3..13fe032 100644
>> --- a/fsdev/virtfs-proxy-helper.c
>> +++ b/fsdev/virtfs-proxy-helper.c
>> @@ -738,6 +738,7 @@ static int proxy_socket(const char *path, uid_t uid, 
>> gid_t gid)
>>          return -1;
>>      }
>>  
>> +    g_assert(strlen(path) < sizeof(proxy.sun_path));
>>      sock = socket(AF_UNIX, SOCK_STREAM, 0);
>
> path is user input.  While the assertion check silences Coverity, it is
> not suitable for input validation.  Users expect a graceful exit with an
> error message, not an assertion failure if the given path is too long.
>
> I will send a patch.

That is the proxy helper. The assert will cause an exit() which is good,
isn't it ? I did update the qemu side of the patch to do a graceful exit

-aneesh




reply via email to

[Prev in Thread] Current Thread [Next in Thread]