On Wed, Sep 19, 2012 at 05:43:10PM +0800, Wanlong Gao wrote:
> On 08/21/2012 04:25 PM, Richard W.M. Jones wrote:
> > Another thing: Don't use sprintf, ever. With the wrong $TMPDIR that
> > code above is a security hole. Since you need to quote 'dir' (since
> > it comes from user input) you're going to have to rewrite the whole
> > call to system(3) so that it uses fork + exec instead.
> Can you explain more? Sorry, I can't understand where the security
> hole is.

sprintf doesn't check the size of the output buffer. The output
buffer always needs to be sized big enough for all inputs, else you'll
have a buffer overflow. The simple way to avoid this is to use
asprintf which allocates the output buffer of the correct size for
you.

> And if I use fork + exec, how can I make "stempdir" and "dir"
> together to an "argv[]" for the argument of exec?

Have a look at:
https://github.com/libguestfs/libguestfs/blob/f9f0767e20847734db3747c06b4...
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages.
http://libguestfs.org
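
The following is an added example, not code from this thread or from libguestfs. It contrasts a formatted command line passed to system(3) with fork + exec, where "dir" and "stempdir" each become one argv[] element. The `ls -d --` command, the function names and the sample input are assumptions, since the thread does not show the original command.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Decode a wait status: exit code, or -1 if the child did not exit normally. */
static int exit_code(int status)
{
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Pattern being replaced: both values are pasted into a shell command line.
 * snprintf bounds the write, but the shell still parses the contents of dir. */
static int list_with_system(const char *dir, const char *stempdir)
{
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, "ls -d -- %s %s", dir, stempdir);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;                  /* would not fit: refuse, do not truncate */
    return exit_code(system(cmd));
}

/* fork + exec: each value is exactly one argv[] element; no shell, no quoting. */
static int list_with_exec(const char *dir, const char *stempdir)
{
    char *const argv[] = { "ls", "-d", "--", (char *)dir, (char *)stempdir, NULL };
    int status;
    pid_t pid = fork();

    if (pid == -1)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return exit_code(status);
}

int main(void)
{
    const char *hostile = "/ ; exit 7 ;";   /* constructed sample input */
    printf("system: %d\n", list_with_system(hostile, "."));
    printf("exec:   %d\n", list_with_exec(hostile, "."));
    return 0;
}
```

With the constructed input, the system(3) version returns the exit status chosen by the text inside "dir", while the exec version only reports that no directory of that literal name exists.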