subject:"\[libvirt\] \[PATCHv2 2\/2\] openvz\: avoid potential buffer overflow"

[libvirt] [PATCHv2 2/2] openvz: avoid potential buffer overflow

2010-12-07 Thread Eric Blake

* src/openvz/openvz_conf.c (openvzLoadDomains): Replace unsafe sscanf with safe direct parsing. (openvzGetVEID): Avoid lost integer overflow detection. (openvzAssignUUIDs): Likewise, and detect readdir failure. --- v2: new patch; plugs a potential security hole, since

Re: [libvirt] [PATCHv2 2/2] openvz: avoid potential buffer overflow

2010-12-07 Thread Matthias Bolte

2010/12/7 Eric Blake ebl...@redhat.com: * src/openvz/openvz_conf.c (openvzLoadDomains): Replace unsafe sscanf with safe direct parsing. (openvzGetVEID): Avoid lost integer overflow detection. (openvzAssignUUIDs): Likewise, and detect readdir failure. --- v2: new patch; plugs a potential

Re: [libvirt] [PATCHv2 2/2] openvz: avoid potential buffer overflow

2010-12-07 Thread Eric Blake

On 12/07/2010 02:49 PM, Matthias Bolte wrote: 2010/12/7 Eric Blake ebl...@redhat.com: * src/openvz/openvz_conf.c (openvzLoadDomains): Replace unsafe sscanf with safe direct parsing. (openvzGetVEID): Avoid lost integer overflow detection. (openvzAssignUUIDs): Likewise, and detect readdir