Daniel P. Berrange wrote:
> On Fri, Jul 31, 2009 at 03:19:53PM +0200, Chris Lalancette wrote:
>> Fix up qemudDomainMigratePrepare2 to use virGetHostname instead of
>> gethostname. Besides the fact that virGetHostname is far more clever,
>> there was a latent bug in the handling that could cause a buffer overflow
>> on a very long hostname.
>>
>> Signed-off-by: Chris Lalancette <clala...@redhat.com>
>> ---
>> src/qemu_driver.c | 9 ++++++---
>> 1 files changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/src/qemu_driver.c b/src/qemu_driver.c
>> index cee2164..83cbcf3 100644
>> --- a/src/qemu_driver.c
>> +++ b/src/qemu_driver.c
>> @@ -6270,11 +6270,12 @@ qemudDomainMigratePrepare2 (virConnectPtr dconn,
>> virDomainDefPtr def = NULL;
>> virDomainObjPtr vm = NULL;
>> int this_port;
>> - char hostname [HOST_NAME_MAX+1];
>> + char *hostname;
>> char migrateFrom [64];
>> const char *p;
>> virDomainEventPtr event = NULL;
>> int ret = -1;;
>> + int internalret;
>>
>> *uri_out = NULL;
>>
>> @@ -6300,14 +6301,16 @@ qemudDomainMigratePrepare2 (virConnectPtr dconn,
>> if (port == QEMUD_MIGRATION_NUM_PORTS) port = 0;
>>
>> /* Get hostname */
>> - if (gethostname (hostname, HOST_NAME_MAX+1) == -1) {
>> + if ((hostname = virGetHostname()) == NULL) {
>> virReportSystemError (dconn, errno,
>> "%s", _("failed to determine host name"));
>> goto cleanup;
>> }
>>
>> /* Caller frees */
>> - if (virAsprintf(uri_out, "tcp:%s:%d", hostname, this_port) < 0) {
>> + internalret = virAsprintf(uri_out, "tcp:%s:%d", hostname,
>> this_port);
>> + VIR_FREE(hostname);
>> + if (internalret < 0) {
>> virReportOOMError (dconn);
>> goto cleanup;
>> }
>
> ACK
Committed.
--
Chris Lalancette
--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
