On 04/05/2017 11:12 AM, Daniel P. Berrange wrote:
> On Sat, Mar 11, 2017 at 05:22:52PM +0400, Marc-André Lureau wrote:
>> On virtio channel "org.qemu.guest_agent.0", parse the json stream until
>> the VMDUMP_INFO is received and retrieve the dump details.
>>
>
> so we just continually feed data into the json parser until we see the
> event we care about....
>
> What kind of denial of service protection does our JSON parser have. Now
> that QEMU is directly parsing JSON from QEMU guest agent, it is exposed
> to malicious attack by the guest agent.

Our JSON parser rejects input that exceeds various limits:

json-lexer.c:
#define MAX_TOKEN_SIZE (64ULL << 20)

json-streamer.c:
#define MAX_TOKEN_SIZE (64ULL << 20)
#define MAX_TOKEN_COUNT (2ULL << 20)
#define MAX_NESTING (1ULL << 10)

> eg what happens if the 'vmcoreinfo' string in the JSON doc received from
> the guest ends up being 10GB in size ? Is that going to cause our JSON
> parser to allocate QString which is 10GB in size which we'll further
> try to strdup just below too...

The parser will have rejected the guest data long before the 10GB mark.
But our error recovery from that rejection may not be ideal...

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
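As an added illustration (not QEMU's code and not part of this thread), this is the kind of per-byte streaming check that a token-size, token-count and nesting limit gives a parser fed from an untrusted channel; the DEMO_* limits are assumed, scaled-down values so short inputs trip them, and check_doc is a helper introduced here for testing.

```c
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
/* Limits modelled on the QEMU ones quoted above, scaled down here
 * (assumed demo values) so short inputs can trip them. */
#define DEMO_MAX_TOKEN_SIZE  16
#define DEMO_MAX_TOKEN_COUNT 32
#define DEMO_MAX_NESTING     4
enum feed_result { FEED_OK = 0, FEED_ERR_TOKEN_SIZE, FEED_ERR_TOKEN_COUNT, FEED_ERR_NESTING };
/* token_len: bytes in the string being lexed; token_count: tokens in the current
 * document; depth: {} / [] nesting; err is sticky: nothing is accepted after an error. */
struct feed_state { size_t token_len, token_count, depth; bool in_string, escape, in_bare; enum feed_result err; };
static enum feed_result count_token(struct feed_state *s) { return ++s->token_count > DEMO_MAX_TOKEN_COUNT ? (s->err = FEED_ERR_TOKEN_COUNT) : FEED_OK; }
/* Feed one byte, the way the lexer is driven from the virtio channel. */
enum feed_result feed_byte(struct feed_state *s, unsigned char c)
{
    if (s->err) return s->err;
    if (s->in_string) {                   /* bound the string token before buffering it */
        if (++s->token_len > DEMO_MAX_TOKEN_SIZE) return s->err = FEED_ERR_TOKEN_SIZE;
        if (s->escape) s->escape = false;
        else if (c == '\\') s->escape = true;
        else if (c == '"') s->in_string = false;
        return FEED_OK;
    }
    if (!strchr("\"{}[],: \t\r\n", c)) { /* number/true/false/null: one token per run */
        if (s->in_bare) return FEED_OK;
        s->in_bare = true;
        return count_token(s);
    }
    s->in_bare = false;
    switch (c) {
    case '"': s->in_string = true; s->token_len = 1; return count_token(s);
    case '{': case '[':
        if (++s->depth > DEMO_MAX_NESTING) return s->err = FEED_ERR_NESTING;
        return count_token(s);
    case '}': case ']':
        if (s->depth && --s->depth == 0) { s->token_count = 0; return FEED_OK; } /* doc done */
        return count_token(s);
    case ',': case ':': return count_token(s);
    default: return FEED_OK;              /* whitespace */
    }
}
/* Run one NUL-terminated document through a fresh state; stop at the first rejection. */
enum feed_result check_doc(const char *doc)
{
    struct feed_state s = {0};
    for (size_t i = 0; doc[i] && feed_byte(&s, (unsigned char)doc[i]) == FEED_OK; i++) {}
    return s.err;
}
```

The point the thread makes is visible here: an over-long string is refused at byte DEMO_MAX_TOKEN_SIZE + 1, so the parser never has to allocate or strdup the full value, while the sticky err field is the part whose recovery the reply says may not be ideal.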