|
From: | Vladimir Sementsov-Ogievskiy |
Subject: | Re: [PATCH] vnc: avoid underflow when accessing user-provided address |
Date: | Fri, 21 Apr 2023 12:44:15 +0300 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 |
On 30.03.23 15:44, Paolo Bonzini wrote:
If hostlen is zero, there is a possibility that addrstr[hostlen - 1] underflows and, if a closing bracked is there, hostlen - 2 is passed to g_strndup() on the next line. If websocket==false then addrstr[0] would be a colon, but if websocket==true this could in principle happen. Fix it by checking hostlen. Reported by Coverity. Signed-off-by: Paolo Bonzini<pbonzini@redhat.com>
I've already sent a similar patch, yes, but let's finally merge any:) Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> -- Best regards, Vladimir
[Prev in Thread] | Current Thread | [Next in Thread] |