diff options
author | Richard W.M. Jones <rjones@redhat.com> | 2012-04-27 15:35:50 +0100 |
---|---|---|
committer | Richard W.M. Jones <rjones@redhat.com> | 2012-04-27 15:35:50 +0100 |
commit | cc798540370658ecc1bba94c4ab4b64485c9bcc6 (patch) | |
tree | b8588f0d7b061d1380859a5c806b98a36e3efa02 | |
parent | d448ae0c2bff2079212734835899e17cac468620 (diff) | |
download | libguestfs-cc798540370658ecc1bba94c4ab4b64485c9bcc6.tar.gz libguestfs-cc798540370658ecc1bba94c4ab4b64485c9bcc6.tar.xz libguestfs-cc798540370658ecc1bba94c4ab4b64485c9bcc6.zip |
debug: 'progress' (unsupported debug command) now checks argument is reasonable (RHBZ#816839).
Thanks Yuyu Zhou.
-rw-r--r-- | daemon/debug.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/daemon/debug.c b/daemon/debug.c index 8be48ff8..96c0ad84 100644 --- a/daemon/debug.c +++ b/daemon/debug.c @@ -429,8 +429,12 @@ debug_progress (const char *subcmd, size_t argc, char *const *const argv) char *secs_str = argv[0]; unsigned secs; - if (sscanf (secs_str, "%u", &secs) != 1 || secs == 0) + if (sscanf (secs_str, "%u", &secs) != 1) goto error; + if (secs == 0 || secs > 1000000) { /* RHBZ#816839 */ + reply_with_error ("progress: argument is 0, less than 0, or too large"); + return NULL; + } unsigned i; unsigned tsecs = secs * 10; /* 1/10ths of seconds */ |