author | Richard W.M. Jones <rjones@redhat.com> | 2012-11-24 14:17:35 +0000 |
---|---|---|
committer | Richard W.M. Jones <rjones@redhat.com> | 2012-11-24 14:17:35 +0000 |
commit | a4c0d7a82a906ed5213740227efc279d3e557165 | |
tree | 113a66d13da33806e072b84c0a6b0c0a10bdf09b | |
parent | aeea803ad0fafe1ed4c7f8e781dfe4fdc150cac0 | |

launch: appliance: Handle non-\0 terminated buffer correctly.

The read_all function is used as a callback for

  guestfs___cmd_set_stdout_callback (cmd, read_all, [str],
                                     CMD_STDOUT_FLAG_WHOLE_BUFFER);

As noted in the documentation for CMD_STDOUT_FLAG_WHOLE_BUFFER, the
buffer returned is not \0-terminated, and so using memdup will create
an unterminated string, and therefore potentially a memory overrun
when reading or searching the string.

Use strndup instead so the final string is \0-terminated.

-rw-r--r-- | src/launch-appliance.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/launch-appliance.c b/src/launch-appliance.c index 95cf1319..8f5611ea 100644 --- a/src/launch-appliance.c +++ b/src/launch-appliance.c @@ -771,7 +771,7 @@ read_all (guestfs_h *g, void *retv, const char *buf, size_t len) { char **ret = retv; - *ret = safe_memdup (g, buf, len); + *ret = safe_strndup (g, buf, len); } /* Test if option is supported by qemu command line (just by grepping |
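
Review bot: In read_all, `safe_strndup (g, buf, len)` stops at the first \0 inside buf, so the copy can now be shorter than len where `safe_memdup (g, buf, len)` copied all len bytes, and the callback does not hand len back to the caller. That is the right trade for a result that is read and searched as a C string, but it deserves a short comment above read_all stating that buf is not \0-terminated under CMD_STDOUT_FLAG_WHOLE_BUFFER and that the result is treated as text, so the call is not later changed back to a memdup.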