From nobody Thu Mar 28 23:13:51 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1559392861; cv=none; d=zoho.com; s=zohoarc; b=d852oKUvu/OrOYPLiCG1jG08wqBDZHInANLPFzdHUUnuJQCyYihovP36MlwMnKnEtBSUBbh8XeMQT+h56Gom1fR1kzY0Rpp7gNa08rjEOwk1WXuFP4dCEsQusRCygyIayfBCXNqRaNkC4UVVXNGQDogG2s2rGmsOy20GUEOKefQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1559392861; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=Li5TYQIYVhNpa/ngQyoX2LD+HwOfCXB7rMeVWZ/ZHoQ=; b=oi0+JXhmDUT8chVso38mq+b+hJoGbo8EvteESOyUbH/AePx55lwkfU+OS0qA+pvoc07T9uayBJh3hBu/hIERaT4ztry7a8UVDVwCb3WO5uiCt6kKT1atLMB/Iu5pNW1S1S9ge6BXoFcOgg43PceAMMIDCNz9c7lDNQs5YCVJjvE= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1559392861094212.44184051914453; Sat, 1 Jun 2019 05:41:01 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AFCC3882EA; Sat, 1 Jun 2019 12:40:56 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 166675D961; Sat, 1 Jun 2019 12:40:53 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9C702E161; Sat, 1 Jun 2019 12:40:48 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x51Cel2L032312 for ; Sat, 1 Jun 2019 08:40:47 -0400 Received: by smtp.corp.redhat.com (Postfix) id 86B706031D; Sat, 1 Jun 2019 12:40:47 +0000 (UTC) Received: from mx1.redhat.com (ext-mx09.extmail.prod.ext.phx2.redhat.com [10.5.110.38]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 811F8600D1 for ; Sat, 1 Jun 2019 12:40:45 +0000 (UTC) Received: from mail-ed1-f65.google.com (mail-ed1-f65.google.com [209.85.208.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C227DFA8A9 for ; Sat, 1 Jun 2019 12:40:44 +0000 (UTC) Received: by mail-ed1-f65.google.com with SMTP id p26so19208690edr.2 for ; Sat, 01 Jun 2019 05:40:44 -0700 (PDT) Received: from archpc.localdomain (x8d1ee222.agdsn.tu-dresden.de. [141.30.226.34]) by smtp.gmail.com with ESMTPSA id h5sm2404226ede.74.2019.06.01.05.40.41 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 01 Jun 2019 05:40:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=wmeaDTEXrHSH979R6pmig3Z2WC9p2gT17ONYEuxgyFw=; b=rFDCisHaqYewLooqTAGaoNGBUTx/AvQSftUFNkKovZpJxSyXE3C4DfJmtVu9vQluIC vXbNhxuRBkd9vLpftguTFjNF9Q08cdwMFk7Z9HHXwRb5Bh7k0hHGkOiY58kWz4JL5EJP tD2X4f75iq9Z6T/DyAerzwso+jnX3X4qaZMOiZk9K4jY7FdcH8mT6ORqcUKKRwo8o+oi +suzT5EXS2nhy9jyKfdizMfY5fdsJheJlJD1dM4jaTaA+u3WUMTPeOPXjCbcPdWx67AP iBWcypelGoTdLhlcNYwUh3NFjUn2ZuSbttwf0aKPDW07L0HdkmBWQddhNzytsVUkM0nL 7DEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=wmeaDTEXrHSH979R6pmig3Z2WC9p2gT17ONYEuxgyFw=; b=qgSbf2XrIHb6LV0irpUhygig5F3rNc1mS7umzL376jSsttuSJ/AQZcoeLbOJqip06E q8knFvWQrq/PsrKK/+zaccUn0Td4Pau31j9Jxz5/pyTczx+qEtLZ00A3wzBxC+X9JetG hJ4lt+7pKWRdai+C7sst2LPhQIMTehHwjqGAQJPZ0HgFwz3GO4RdI9Y/mrQka1gwJF8Q QGsN307df1XC8U0bLunQj3M6bMTombr3FvwzM+kXpZlfccWD1ml6LAAINWKjP6VydvDX LBYyLIlVgb3ywZ+bVus52EKJQy+LRyXvnUxnLE8TZFlpyxVq95Lo/GZgstwQNvXdom7M yE8w== X-Gm-Message-State: APjAAAVhiMQhWxLHLLDRpEE7KZiZqT6hAcR2V6NmDOUk7TiB4RsY2kci lbTOmQtGc0nikUau2YyabUorz2+Sm6U= X-Google-Smtp-Source: APXvYqyERhuK/qnyxyzJStz3I5vR3rqXfEGD7+eHJiGIrHcj+8dEe0eDXBnToPbZwZAqmJ/7IkN4Mg== X-Received: by 2002:a17:906:5ad4:: with SMTP id x20mr13875073ejs.225.1559392842982; Sat, 01 Jun 2019 05:40:42 -0700 (PDT) From: Ilias Stamatis To: libvir-list@redhat.com Date: Sat, 1 Jun 2019 14:40:12 +0200 Message-Id: <20190601124012.14369-1-stamatis.iliass@gmail.com> MIME-Version: 1.0 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Sat, 01 Jun 2019 12:40:44 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Sat, 01 Jun 2019 12:40:44 +0000 (UTC) for IP:'209.85.208.65' DOMAIN:'mail-ed1-f65.google.com' HELO:'mail-ed1-f65.google.com' FROM:'stamatis.iliass@gmail.com' RCPT:'' X-RedHat-Spam-Score: -0.414 (DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS) 209.85.208.65 mail-ed1-f65.google.com 209.85.208.65 mail-ed1-f65.google.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.38 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] virDomainSendKey: validate codeset argument X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Sat, 01 Jun 2019 12:40:58 +0000 (UTC) X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" This argument wasn't validated anywhere, neither in the generic implementation nor in the individual drivers. As a result a call to this function with a large enough codeset value prior to this change causes libvirtd to crash. This happens because all drivers call virKeycodeValueTranslate which uses codeset as an index to the virKeymapValues array, causing an out-of-bounds error. Signed-off-by: Ilias Stamatis Reviewed-by: Erik Skultety --- src/libvirt-domain.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index df7e405b3e..c09448927b 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -6837,6 +6837,13 @@ virDomainSendKey(virDomainPtr domain, virCheckNonNullArgGoto(keycodes, error); virCheckPositiveArgGoto(nkeycodes, error); =20 + if (codeset >=3D VIR_KEYCODE_SET_LAST) { + virReportInvalidArg(codeset, + _("codeset must be less than %d"), + VIR_KEYCODE_SET_LAST); + goto error; + } + if (nkeycodes > VIR_DOMAIN_SEND_KEY_MAX_KEYS) { virReportInvalidArg(nkeycodes, _("nkeycodes must be <=3D %d"), --=20 2.21.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list