The example uses a buffer pool for all requests, but it does not clear
the buffers before they are used. If we fail to handle a read error,
this could leak sensitive data to the destination server.
Signed-off-by: Nir Soffer <nsoffer(a)redhat.com>
---
examples/copy-libev.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/examples/copy-libev.c b/examples/copy-libev.c
index 51ff9fb0..13db898a 100644
--- a/examples/copy-libev.c
+++ b/examples/copy-libev.c
@@ -634,21 +634,28 @@ main (int argc, char *argv[])
/* Check destination server capabilities. */
dst.can_zero = nbd_can_zero (dst.nbd) > 0;
/* Start the copy "loop". When request completes, it starts the
* next request, until entire image was copied. */
for (i = 0; i < MAX_REQUESTS; i++) {
struct request *r = &requests[i];
r->index = i;
- r->data = malloc (REQUEST_SIZE);
+
+ /*
+ * Clear the buffer before starting the copy, so if we fail to
+ * handle a read error we will not write uninitilized data to
+ * the destination server, which may leak sensitive data to
+ * remote host.
+ */
+ r->data = calloc (1, REQUEST_SIZE);
if (r->data == NULL)
FAIL ("Cannot allocate buffer: %s", strerror (errno));
start_request(r);
}
/* Start watching events on src and dst handles. */
ev_io_init (&src.watcher, io_cb, get_fd (&src), get_events (&src));
ev_io_start (loop, &src.watcher);
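Review bot: The `calloc (1, REQUEST_SIZE)` in the allocation loop zeroes each buffer only once, so it covers just the first use of every `r->data`. Assuming the buffers are reused for later requests, as the commit message's "buffer pool" suggests, an unhandled read error after that would still send the previous request's bytes to the destination. The new comment should state this limit, for example `/* Zeroed once at allocation; this guards only the first use of each buffer, so read errors must still be checked before writing. */`. It should also fix the typo "uninitilized" to "uninitialized". The read completion path and the rest of `main` are outside this hunk, so whether the read error is checked there cannot be confirmed from here.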
--
2.34.1