qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Use of PATH_MAX

From: Anthony Liguori
Subject: Re: [Qemu-devel] Use of PATH_MAX
Date: Fri, 16 May 2008 09:35:17 -0500
User-agent: Thunderbird 2.0.0.14 (X11/20080505) 
Warner Losh wrote:

From: Anthony Liguori <address@hidden>
Subject: Re: [Qemu-devel] Use of PATH_MAX
Date: Fri, 16 May 2008 09:00:39 -0500

As is the use of dynamic buffers.  If you don't always test system
call return value, you can get odd new failures.  If you don't provide
a sane upper bound, then you get DoS attacks...
Guests don't provide filenames so no, there is no DoS attack. As long as you handle allocation failures gracefully, it's fine.
The problem with static buffers is that we silently truncate filenames. At best, this means something that should work, won't. At worst, this means that instead of opening the file you meant to open, you'll open a file that you didn't mean to open and overwrite the data. 

Regards,

Anthony Liguori


Warner
reply via email to
[Prev in Thread] Current Thread [Next in Thread]