+-- On Mon, 7 Jan 2019, P J P wrote --+ | Qemu guest agent while executing user commands does not seem to | check length of argument list and/or environment variables passed. | It may lead to integer overflow or infinite loop issues. Add check | to avoid it. | | - size_t str_size = 1; | + size_t str_size = 1, args_max; | | + args_max = sysconf(_SC_ARG_MAX);
Looks like sysconf()/_SC_ARG_MAX declarations aren't available. Is it okay to include header <unistd.h> ? === diff --git a/qga/commands.c b/qga/commands.c --- a/qga/commands.c +++ b/qga/commands.c @@ -18,6 +18,7 @@ #include "qemu/atomic.h" +#include <unistd.h> === Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F