render / rpms / libvirt

Forked from rpms/libvirt 10 months ago
Clone
c401cc
From ec503f28ffbeb007c62e1e5c148cbb8497365543 Mon Sep 17 00:00:00 2001
c401cc
Message-Id: <ec503f28ffbeb007c62e1e5c148cbb8497365543.1387385061.git.jdenemar@redhat.com>
c401cc
From: Christophe Fergeau <cfergeau@redhat.com>
c401cc
Date: Tue, 17 Dec 2013 16:13:21 +0100
c401cc
Subject: [PATCH] Fix invalid read in virNetSASLSessionClientStep debug log
c401cc
c401cc
virNetSASLSessionClientStep logs the data that is going to be passed to
c401cc
sasl_client_step as input data. However, it tries to log it as a string,
c401cc
while there is no guarantee that this data is going to be nul-terminated.
c401cc
This leads to this valgrind log:
c401cc
c401cc
==20938== Invalid read of size 1
c401cc
==20938==    at 0x8BDB08F: vfprintf (vfprintf.c:1635)
c401cc
==20938==    by 0x8C06DF2: vasprintf (vasprintf.c:62)
c401cc
==20938==    by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
c401cc
==20938==    by 0x4CA9516: virLogVMessage (virlog.c:842)
c401cc
==20938==    by 0x4CA939A: virLogMessage (virlog.c:778)
c401cc
==20938==    by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
c401cc
==20938==    by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
c401cc
==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
c401cc
==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
c401cc
==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
c401cc
==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
c401cc
==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
c401cc
==20938==    by 0x12762B: vshReconnect (virsh.c:337)
c401cc
==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
c401cc
==20938==    by 0x12E9A5: main (virsh.c:3338)
c401cc
==20938==  Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
c401cc
==20938==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
c401cc
==20938==    by 0x8CB91B4: xdr_array (xdr_array.c:94)
c401cc
==20938==    by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
c401cc
==20938==    by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
c401cc
==20938==    by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
c401cc
==20938==    by 0x4DF8141: callFull (remote_driver.c:5794)
c401cc
==20938==    by 0x4DF821A: call (remote_driver.c:5816)
c401cc
==20938==    by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
c401cc
==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
c401cc
==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
c401cc
==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
c401cc
==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
c401cc
==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
c401cc
==20938==    by 0x12762B: vshReconnect (virsh.c:337)
c401cc
==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
c401cc
==20938==    by 0x12E9A5: main (virsh.c:3338)
c401cc
c401cc
(cherry picked from commit 986900a5af6491d54f7779f6368f1fc41eb53690)
c401cc
c401cc
https://bugzilla.redhat.com/show_bug.cgi?id=1043864
c401cc
c401cc
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
c401cc
---
c401cc
 src/rpc/virnetsaslcontext.c | 2 +-
c401cc
 1 file changed, 1 insertion(+), 1 deletion(-)
c401cc
c401cc
diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c
c401cc
index 1baf41e..dbb9a25 100644
c401cc
--- a/src/rpc/virnetsaslcontext.c
c401cc
+++ b/src/rpc/virnetsaslcontext.c
c401cc
@@ -457,7 +457,7 @@ int virNetSASLSessionClientStep(virNetSASLSessionPtr sasl,
c401cc
     int err;
c401cc
     int ret = -1;
c401cc
 
c401cc
-    VIR_DEBUG("sasl=%p serverin=%s serverinlen=%zu prompt_need=%p clientout=%p clientoutlen=%p",
c401cc
+    VIR_DEBUG("sasl=%p serverin=%p serverinlen=%zu prompt_need=%p clientout=%p clientoutlen=%p",
c401cc
               sasl, serverin, serverinlen, prompt_need, clientout, clientoutlen);
c401cc
 
c401cc
     virObjectLock(sasl);
c401cc
-- 
c401cc
1.8.5.1
c401cc