Richard W.M. Jones
2016-May-25 16:38 UTC
[Libguestfs] [PATCH] init: Don't allocate modules on the stack (RHBZ#1339691).
If the modules are unstripped and/or especially large, then the stack
can overflow.
---
init/init.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/init/init.c b/init/init.c
index 106be02..733d66e 100644
--- a/init/init.c
+++ b/init/init.c
@@ -314,7 +314,11 @@ insmod (const char *filename)
exit (EXIT_FAILURE);
}
size = st.st_size;
- char buf[size];
+ char *buf = malloc (size);
+ if (buf == NULL) {
+ fprintf (stderr, "insmod: malloc (%s, %zu bytes): %m\n",
filename, size);
+ exit (EXIT_FAILURE);
+ }
size_t offset = 0;
do {
ssize_t rc = read (fd, buf + offset, size - offset);
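Review bot: The NULL check after `char *buf = malloc (size);` is correct and its `exit (EXIT_FAILURE)` path matches the surrounding `fstat` error handling, so the unfreed buffer on that path is not a leak concern. One caveat worth a comment: when `size` is 0 (an empty module file), `malloc (0)` may legally return NULL, so the message "insmod: malloc (%s, %zu bytes)" would report an allocation failure for what is really an unloadable empty file; either tolerate `size == 0` explicitly or accept that outcome, since such a module could not be loaded anyway.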
@@ -332,6 +336,8 @@ insmod (const char *filename)
* of a missing device.
*/
}
+
+ free (buf);
}
/* Mount /proc unless it's mounted already. */
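Review bot: `free (buf);` is placed at the very end of the function, after the comment explaining that a failed module load is ignored; this is only leak-free if there is no early `return` between the read loop and this point, which the hunk does not show, so please confirm there is none. Since the buffer is not needed once the module has been handed to the kernel, freeing it immediately after that call would also keep its lifetime obvious to future readers.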
--
2.7.4
Pino Toscano
2016-May-25 17:05 UTC
Re: [Libguestfs] [PATCH] init: Don't allocate modules on the stack (RHBZ#1339691).
On Wednesday 25 May 2016 17:38:47 Richard W.M. Jones wrote:
> If the modules are unstripped and/or especially large, then the stack
> can overflow.
> ---

LGTM.

--
Pino Toscano
Richard W.M. Jones
2016-May-25 18:32 UTC
Re: [Libguestfs] [PATCH] init: Don't allocate modules on the stack (RHBZ#1339691).
On Wed, May 25, 2016 at 07:05:47PM +0200, Pino Toscano wrote:
> On Wednesday 25 May 2016 17:38:47 Richard W.M. Jones wrote:
> > If the modules are unstripped and/or especially large, then the stack
> > can overflow.
> > ---
>
> LGTM.

Yup, Luiz Capitulino (the bug reporter) tested it and confirms it works too.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/