[libvirt PATCH 00/19] Overhaul test/commandhelper.c

Tim Wiederhake posted 19 patches 3 years, 1 month ago
Test syntax-check failed
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210129161629.604823-1-twiederh@redhat.com
There is a newer version of this series
[libvirt PATCH 00/19] Overhaul test/commandhelper.c
Posted by Tim Wiederhake 3 years, 1 month ago
I stumbled upon a buffer overflow / stack smash present in
"test/commandhelper.c" that could be triggered by e.g.

  $ ./tests/commandhelper --readfd 0 --readfd 0 --readfd 0 --readfd x
  Could not parse fd x
  *** stack smashing detected ***: terminated
  Aborted (core dumped)

This series cleans up the file, fixes the buffer overflow and converts
(most) memory handling to g_auto*.

Note that it does not touch the "prevent malloc with zero size" issue
discussed in
https://www.redhat.com/archives/libvir-list/2021-January/msg01160.html,
this will be done in the other series.

Please feel free to comment on whether the copyright year in the file's
header should be updated and whether a prefix for the function names
and the new type is required.

Cheers,
Tim

Tim Wiederhake (19):
  commandhelper: Remove origenv variable
  commandhelper: Remove numpollfds variable
  commandhelper: Simplify envsort
  commandhelper: Consolidate error paths
  commandhelper: Consolidate argument parsing
  commandhelper: Split argument parsing and printing
  commandhelper: Factor out parseArguments
  commandhelper: Factor out printArguments
  commandhelper: Factor out printEnvironment
  commandhelper: Factor out printFds
  commandhelper: Factor out printDaemonization
  commandhelper: Factor out printCwd
  commandhelper: Factor out printInput
  commandhelper: Make number of fds variable in printInput
  commandhelper: Make number of fds variable in parseArguments
  commandhelper: Convert parseArguments to g_auto*
  commandhelper: Convert printEnvironment to g_auto*
  commandhelper: Convert printCwd to g_auto*
  commandhelper: Convert main to g_auto*

 tests/commandhelper.c | 295 +++++++++++++++++++++++++++---------------
 1 file changed, 188 insertions(+), 107 deletions(-)

-- 
2.26.2
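
Added example, not part of the original post and not libvirt's code: a sketch of parsing repeated `--readfd N` arguments into storage that grows with the argument count, which is the direction the patch titles "Make number of fds variable in parseArguments" suggest. It assumes the overflow came from writing each parsed fd into fixed-size storage (the original code is not shown on this page); `struct fd_list`, `parse_fd`, `fd_list_add` and `collect_readfds` are hypothetical names.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for this sketch; not the type introduced by the series. */
struct fd_list { int *fds; size_t count, cap; };

/* Parse a decimal fd; reject empty input, trailing junk and out-of-range values. */
static int parse_fd(const char *s, int *out)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Append one fd, growing the array on demand so that the number of
 * --readfd arguments can never push a write past the end of the storage. */
static int fd_list_add(struct fd_list *l, int fd)
{
    if (l->count == l->cap) {
        size_t ncap = l->cap ? l->cap * 2 : 4;
        int *tmp = realloc(l->fds, ncap * sizeof(*tmp));
        if (!tmp)
            return -1;
        l->fds = tmp;
        l->cap = ncap;
    }
    l->fds[l->count++] = fd;
    return 0;
}

/* Collect every "--readfd N" pair. Returns 0 on success, -1 on a missing or
 * malformed value; the slot counter only advances after a successful parse. */
int collect_readfds(int argc, char **argv, struct fd_list *l)
{
    for (int i = 1; i < argc; i++) {
        int fd;
        if (strcmp(argv[i], "--readfd") != 0)
            continue;
        if (i + 1 >= argc || parse_fd(argv[i + 1], &fd) < 0 || fd_list_add(l, fd) < 0)
            return -1;
        i++; /* skip the value just consumed */
    }
    return 0;
}
```

The caller owns `l->fds` and frees it on both the success and the error path.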


Re: [libvirt PATCH 00/19] Overhaul test/commandhelper.c
Posted by Peter Krempa 3 years, 1 month ago
On Fri, Jan 29, 2021 at 17:16:10 +0100, Tim Wiederhake wrote:
> I stumbled upon a buffer overflow / stack smash present in
> "test/commandhelper.c" that could be triggered by e.g.
> 
>   $ ./tests/commandhelper --readfd 0 --readfd 0 --readfd 0 --readfd x
>   Could not parse fd x
>   *** stack smashing detected ***: terminated
>   Aborted (core dumped)
> 
> This series cleans up the file, fixes the buffer overflow and converts
> (most) memory handling to g_auto*.
> 
> Note that it does not touch the "prevent malloc with zero size" issue
> discussed in
> https://www.redhat.com/archives/libvir-list/2021-January/msg01160.html,
> this will be done in the other series.
> 
> Please feel free to comment on whether the copyright year in the file's
> header should be updated and whether a prefix for the function names
> and the new type is required.

No and no.


For patches 1-2,4-16,19:

Reviewed-by: Peter Krempa <pkrempa@redhat.com>

17, 18 use g_autofree which uses g_free which shouldn't be available.