Re: [Libguestfs] [PATCH v2 1/2] lib: change how hbin sections are read.

Wednesday, 15 February 2017

OK, I ended up turning the warning off.  It appears from the
info file that the warning is about GCC not being able to make
an optimization, not a bug in the code.

However I do have a more substantial problem with the patch.
By checking the offset against h->endpages, we're using an untrusted
field supplied to us by the hive, which means that a crafted hive
could cause us to walk through memory past the end of the file --
a security issue.

So I think the test should be using h->size with the additional
check for off >= h->endpages, as in the existing outer loop.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Re: [Libguestfs] [PATCH v2 1/2] lib: change how hbin sections are read.