From a4c0d7a82a906ed5213740227efc279d3e557165 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Sat, 24 Nov 2012 14:17:35 +0000 Subject: launch: appliance: Handle non-\0 terminated buffer correctly. The read_all function is used as a callback for guestfs___cmd_set_stdout_callback (cmd, read_all, [str], CMD_STDOUT_FLAG_WHOLE_BUFFER); As noted in the documentation for CMD_STDOUT_FLAG_WHOLE_BUFFER, the buffer returned is not \0-terminated, and so using memdup will create an unterminated string, and therefore potentially a memory overrun when reading or searching the string. Use strndup instead so the final string is \0-terminated.
---
 src/launch-appliance.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/launch-appliance.c b/src/launch-appliance.c
index 95cf1319..8f5611ea 100644
--- a/src/launch-appliance.c
+++ b/src/launch-appliance.c
@@ -771,7 +771,7 @@ read_all (guestfs_h *g, void *retv, const char *buf, size_t len)
 {
 char **ret = retv;
- *ret = safe_memdup (g, buf, len);
+ *ret = safe_strndup (g, buf, len);
 }
 /* Test if option is supported by qemu command line (just by grepping
-- cgit
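Review bot: The reason for `safe_strndup` is recorded only in the commit message, so nothing at the assignment in read_all tells a later maintainer that `buf` arrives without a terminator and that a length-only copy reintroduces the over-read. A comment on that line would keep the invariant next to the code, for example `/* buf is NOT \0-terminated (CMD_STDOUT_FLAG_WHOLE_BUFFER); strndup adds the terminator. */`. Assuming safe_strndup follows strndup semantics, the copy also stops at the first \0 inside `buf`, so output with an embedded NUL byte is silently shortened; that is probably fine for text output but worth stating in the same comment. The function's return-type line lies outside the hunk, and whether `*ret` can already hold an earlier allocation when the callback runs cannot be confirmed from these lines.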