search for: guestfs___safe_strdup

There's a denial of service attack possible from guests on any program that does inspection (eg. virt-inspector, many other virt-* tools, virt-v2v, OpenStack). The attack causes the host process to crash because of a double free. It's probably not exploitable (definitely not on Fedora because of the default memory hardening settings). This patch contains the fix and a reproducer:

...00 01 | 00 12 34 24 | ... Program received signal SIGSEGV, Segmentation fault. 0x00007ffff69deae2 in __strlen_sse2 () from /lib64/libc.so.6 (gdb) bt #0 0x00007ffff69deae2 in __strlen_sse2 () from /lib64/libc.so.6 #1 0x00007ffff69de7e6 in strdup () from /lib64/libc.so.6 #2 0x00007ffff7b7936c in guestfs___safe_strdup (g=0x65da50, str=0x0) at alloc.c:96 #3 0x00007ffff7b8b65e in parse_suse_release (filename=<optimized out>, fs=<optimized out>, g=<optimized out>) at inspect-fs-unix.c:343 #4 guestfs___check_linux_root (g=0x65da50, fs=0x6665b0) at inspect-fs-unix.c:560 #5 0x00007ffff7b88522 in c...

On Fri, May 31, 2013 at 01:03:24AM +0200, Olaf Hering wrote: > #2 0x00007ffff7b7936c in guestfs___safe_strdup (g=0x65da50, str=0x0) at alloc.c:96 > #3 0x00007ffff7b8b65e in parse_suse_release (filename=<optimized out>, fs=<optimized out>, g=<optimized out>) at inspect-fs-unix.c:343 This is a different problem: lines = guestfs_head_n (g, 10, filename); if (lines == NULL) retu...

libguestfs has used double and triple underscores in identifiers. These aren't valid for global names in C++. (http://stackoverflow.com/a/228797) These large but completely mechanical patches change the illegal identifiers to legal ones. Rich.

...se + * they are used by some of the language bindings. */ +/* Private functions. */ + extern GUESTFS_DLL_PUBLIC void *guestfs___safe_malloc (guestfs_h *g, size_t nbytes); extern GUESTFS_DLL_PUBLIC void *guestfs___safe_calloc (guestfs_h *g, size_t n, size_t s); extern GUESTFS_DLL_PUBLIC char *guestfs___safe_strdup (guestfs_h *g, const char *str); @@ -704,7 +707,30 @@ extern GUESTFS_DLL_PUBLIC void *guestfs___safe_memdup (guestfs_h *g, const void extern GUESTFS_DLL_PUBLIC int guestfs___for_each_disk (guestfs_h *g, /* virDomainPtr */ void *dom, int (*)(guestfs_h *g, const char *filename, const char *format,...

This is only lightly tested at the moment. For context see: https://bugzilla.redhat.com/show_bug.cgi?id=1138203#c40 https://bugzilla.redhat.com/show_bug.cgi?id=1075143 https://bugzilla.redhat.com/show_bug.cgi?id=1075164 Note this is not a complete fix. At least one more libguestfs patch is required (to implement virDomainPtr in the python bindings). Plus a virt-manager patch. Rich.

This completes the implementation on the libguestfs side, allowing python-libvirt dom pointers to be passed to guestfs_add_libvirt_dom. For context see: https://bugzilla.redhat.com/show_bug.cgi?id=1138203#c40 https://bugzilla.redhat.com/show_bug.cgi?id=1075143 https://bugzilla.redhat.com/show_bug.cgi?id=1075164 Rich.

A hopefully cleaner implementation this time. It doesn't require any special insights into how libvirt-python is implemented. Instead, it requires a change to libvirt-python to add a .c_pointer() method: https://www.redhat.com/archives/libvir-list/2014-December/msg00615.html Rich.

Hi, this patch serie adds a new GUID type in the generator, which would do the same as String, but also validating (just in the C output) the passed GUID string. This allows to reject invalid GUIDs before passing them to low-level tools. Pino Toscano (4): utils: add a function to validate a GUID string generator: add a GUID parameter type generator: generate code for parameter validation

Since v3: - Fix labelling over overlays (see 6/6) - Tested it with a test program which simulates what virt-manager will do. See the attachment here: https://bugzilla.redhat.com/show_bug.cgi?id=1075164#c7 Rich.