From ec503f28ffbeb007c62e1e5c148cbb8497365543 Mon Sep 17 00:00:00 2001
Message-Id: <ec503f28ffbeb007c62e1e5c148cbb8497365543.1387385061.git.jdenemar@redhat.com>
From: Christophe Fergeau <cfergeau@redhat.com>
Date: Tue, 17 Dec 2013 16:13:21 +0100
Subject: [PATCH] Fix invalid read in virNetSASLSessionClientStep debug log
virNetSASLSessionClientStep logs the data that is going to be passed to
sasl_client_step as input data. However, it tries to log it as a string,
while there is no guarantee that this data is going to be nul-terminated.
This leads to this valgrind log:
==20938== Invalid read of size 1
==20938== at 0x8BDB08F: vfprintf (vfprintf.c:1635)
==20938== by 0x8C06DF2: vasprintf (vasprintf.c:62)
==20938== by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
==20938== by 0x4CA9516: virLogVMessage (virlog.c:842)
==20938== by 0x4CA939A: virLogMessage (virlog.c:778)
==20938== by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
==20938== by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
==20938== by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
==20938== by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==20938== by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
==20938== by 0x4D8595F: do_open (libvirt.c:1239)
==20938== by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==20938== by 0x12762B: vshReconnect (virsh.c:337)
==20938== by 0x12C9B0: vshInit (virsh.c:2470)
==20938== by 0x12E9A5: main (virsh.c:3338)
==20938== Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
==20938== at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20938== by 0x8CB91B4: xdr_array (xdr_array.c:94)
==20938== by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
==20938== by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
==20938== by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
==20938== by 0x4DF8141: callFull (remote_driver.c:5794)
==20938== by 0x4DF821A: call (remote_driver.c:5816)
==20938== by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
==20938== by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
==20938== by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
==20938== by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
==20938== by 0x4D8595F: do_open (libvirt.c:1239)
==20938== by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
==20938== by 0x12762B: vshReconnect (virsh.c:337)
==20938== by 0x12C9B0: vshInit (virsh.c:2470)
==20938== by 0x12E9A5: main (virsh.c:3338)
(cherry picked from commit 986900a5af6491d54f7779f6368f1fc41eb53690)
https://bugzilla.redhat.com/show_bug.cgi?id=1043864
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/rpc/virnetsaslcontext.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
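--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@@ -457,7 +457,7 @@ int virNetSASLSessionClientStep(virNetSASLSessionPtr sasl,
 int err;
 int ret = -1;
 
- VIR_DEBUG("sasl=%p serverin=%s serverinlen=%zu prompt_need=%p clientout=%p clientoutlen=%p",
+ VIR_DEBUG("sasl=%p serverin=%p serverinlen=%zu prompt_need=%p clientout=%p clientoutlen=%p",
 sasl, serverin, serverinlen, prompt_need, clientout, clientoutlen);
 
 virObjectLock(sasl);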
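Review bot: The rewritten VIR_DEBUG call carries no comment explaining why serverin is printed with `%p`, so a later cleanup could plausibly restore `%s` and reintroduce the over-read shown in the valgrind trace in the description. I would add `/* serverin is a length-delimited SASL buffer, not NUL-terminated: log the pointer, never %s */` directly above the call. If the payload is ever wanted in the log, it would have to be bounded by serverinlen and handled as binary authentication data rather than text, which is a further reason to keep it out of debug output. Other debug statements in this file that format SASL exchange buffers are not visible here and are worth checking for the same pattern; the body of virNetSASLSessionClientStep starts and continues outside this hunk.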
--
1.8.5.1