Subject: Re: [Qemu-devel] [RFC v3 PATCH 07/45] multi-process: define proxy-link object
From: Stefan Hajnoczi
Date: Wed, 9 Oct 2019 14:37:24 +0100
User-agent: Mutt/1.12.1 (2019-06-15)
On Thu, Sep 12, 2019 at 05:34:35PM +0200, Stefan Hajnoczi wrote:
> On Tue, Sep 03, 2019 at 04:37:33PM -0400, Jagannathan Raman wrote:
> > + msg->num_fds = 0;
> > + for (chdr = CMSG_FIRSTHDR(&hdr); chdr != NULL;
> > + chdr = CMSG_NXTHDR(&hdr, chdr)) {
> > + if ((chdr->cmsg_level == SOL_SOCKET) &&
> > + (chdr->cmsg_type == SCM_RIGHTS)) {
> > + fdsize = chdr->cmsg_len - CMSG_LEN(0);
> > + msg->num_fds = fdsize / sizeof(int);
> > + memcpy(msg->fds, CMSG_DATA(chdr), fdsize);
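Review bot: the bound Stefan asks for at `msg->num_fds = fdsize / sizeof(int);` should compare against the capacity of `msg->fds`, and because the following memcpy copies the raw `fdsize` byte count rather than `num_fds * sizeof(int)`, a `cmsg_len` that is not a multiple of `sizeof(int)` should also be rejected or truncated so the copy length matches the count stored. Descriptors carried by SCM_RIGHTS are already installed in this process by the time the control message is parsed, so any that cannot be stored must be close()d, not silently dropped, or the peer can exhaust the receiver's descriptor table.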
>
> Please validate num_fds before memcpy to prevent the buffer overflow.
>
> > + break;
> > + }
> > + }
> > +
> > + if (msg->size && msg->bytestream) {
> > + msg->data2 = calloc(1, msg->size);
> > + data = msg->data2;
> > + } else {
> > + data = (uint8_t *)&msg->data1;
> > + }
> > +
> > + if (msg->size) {
> > + do {
> > + rc = read(sock, data, msg->size);
> > + } while (rc < 0 && (errno == EINTR || errno == EAGAIN));
> > + }
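Review bot: the loop at `rc = read(sock, data, msg->size);` retries only on EINTR/EAGAIN and never checks for a short read or for `rc == 0` (peer closed), so a body that arrives in more than one segment leaves the tail of `data` unfilled while the caller still treats `msg->size` bytes as valid; accumulate until the full `msg->size` has been read and fail on 0 or a hard error. The `calloc()` result is also not checked before being used as the read buffer, and once `msg->size` is validated as Stefan requests, the `data1` path needs that size bounded by the capacity of `msg->data1` as well, since that branch reads directly into the fixed-size field.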
>
> Please validate size to prevent the buffer overflow.
I didn't see a reply so I want to highlight that the effort to introduce
isolation between devices is pointless if the communications link is not
coded securely.
Multi-process QEMU adds no security if one process can corrupt the
memory of another process by sending invalid inputs. Please audit the
code.
Stefan