From nobody Sun May 5 15:14:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1626871620; cv=none; d=zohomail.com; s=zohoarc; b=FAnt1IBppbmeQd8bFwofcw++Tk3zy+gEGPIW4mhEUqIvNmjba2yLiukTkLCLvmhA/ZmpKzqN5gTsFj4PBE7kFMBfBkKmwcTNGE0puKzJvWqg/SI5BqiO/utEj+82hCdDHo4egqux7co7aQpy58/Bu41yhzdXi6682ohwikLnWdc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626871620; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=hZ3JYI+XJWl8Xo2U8n/pV/+ThZYG46bSw7hi5C6a1Iw=; b=Z7thQ8XQ56a3pRVJlvDO0ADChmZL+7PTvBgCpuiGREXVzeyyBAHaaRjxiJCzNox9R115I8NqHFNRCSKyunFYbFkntqmq6SmlZizT5tpJxhXiAreGgdprnaH4zoIgIrU45vOFiHt1rSCeq3XHMPRBYD07XeVUHVT9RWsKCGfVZeQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1626871620406625.9282681150339; Wed, 21 Jul 2021 05:47:00 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-283-HDaD7m4pNB-bAzXbDLSuhg-1; Wed, 21 Jul 2021 08:46:57 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 686CF107ACF5; Wed, 21 Jul 2021 12:46:52 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3C86E27199; Wed, 21 Jul 2021 12:46:52 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 030001801028; Wed, 21 Jul 2021 12:46:52 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 16LCkn7L023536 for ; Wed, 21 Jul 2021 08:46:49 -0400 Received: by smtp.corp.redhat.com (Postfix) id B024B5D741; Wed, 21 Jul 2021 12:46:49 +0000 (UTC) Received: from work.speedport.ip (ovpn-113-159.ams2.redhat.com [10.36.113.159]) by smtp.corp.redhat.com (Postfix) with ESMTP id 05AA561F21; Wed, 21 Jul 2021 12:46:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626871619; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=hZ3JYI+XJWl8Xo2U8n/pV/+ThZYG46bSw7hi5C6a1Iw=; b=CQ/fbPwC3lPNSHyT5APauX6BlP+j8kOGuvZvQgE49KagFIif5Z5Z1Cc22Lt4s4Q5P0KH8S fJB1Y+JxIbl0WdwQIWCZBS5iO0cq89d+GXxlhJ3yCqT6HNtTpImbEjruIKgSsmU/5ke9K+ R6x/ACjMIkQsABzgFnRUUE+OGmiVDFE= X-MC-Unique: HDaD7m4pNB-bAzXbDLSuhg-1 From: Tim Wiederhake To: libvir-list@redhat.com Subject: [libvirt PATCH 1/4] virfile: Move max file size macro Date: Wed, 21 Jul 2021 14:46:40 +0200 Message-Id: <20210721124643.36824-2-twiederh@redhat.com> In-Reply-To: <20210721124643.36824-1-twiederh@redhat.com> References: <20210721124643.36824-1-twiederh@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Cc: Tim Wiederhake X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1626871621962100003 Content-Type: text/plain; charset="utf-8" The next commit will use this macro outside the apparmor context. Signed-off-by: Tim Wiederhake --- src/security/security_apparmor.c | 4 ++-- src/security/security_apparmor.h | 1 - src/security/virt-aa-helper.c | 10 +++++----- src/util/virfile.h | 3 +++ 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index 84363015dc..c2cae43137 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -83,7 +83,7 @@ profile_status(const char *str, const int check_enforcing) etmp =3D g_strdup_printf("%s (enforce)", str); } =20 - if (virFileReadAll(APPARMOR_PROFILES_PATH, MAX_FILE_LEN, &content) < 0= ) { + if (virFileReadAll(APPARMOR_PROFILES_PATH, VIR_MAX_FILE_LEN, &content)= < 0) { virReportSystemError(errno, _("Failed to read AppArmor profiles list " "\'%s\'"), APPARMOR_PROFILES_PATH); @@ -131,7 +131,7 @@ profile_status_file(const char *str) if (!virFileExists(profile)) goto failed; =20 - if ((len =3D virFileReadAll(profile, MAX_FILE_LEN, &content)) < 0) { + if ((len =3D virFileReadAll(profile, VIR_MAX_FILE_LEN, &content)) < 0)= { virReportSystemError(errno, _("Failed to read \'%s\'"), profile); goto failed; diff --git a/src/security/security_apparmor.h b/src/security/security_appar= mor.h index 7b54eefd8d..ceffa30f14 100644 --- a/src/security/security_apparmor.h +++ b/src/security/security_apparmor.h @@ -24,4 +24,3 @@ extern virSecurityDriver virAppArmorSecurityDriver; =20 #define AA_PREFIX "libvirt-" #define PROFILE_NAME_SIZE 8 + VIR_UUID_STRING_BUFLEN /* AA_PREFIX + uuid = */ -#define MAX_FILE_LEN (1024*1024*10) /* 10MB limit for sanity check = */ diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index e21557c810..0db2248a59 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -211,7 +211,7 @@ update_include_file(const char *include_file, const cha= r *included_files, "# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.\n"; =20 if (virFileExists(include_file)) { - flen =3D virFileReadAll(include_file, MAX_FILE_LEN, &existing); + flen =3D virFileReadAll(include_file, VIR_MAX_FILE_LEN, &existing); if (flen < 0) return rc; } @@ -222,7 +222,7 @@ update_include_file(const char *include_file, const cha= r *included_files, pcontent =3D g_strdup_printf("%s%s", warning, included_files); =20 plen =3D strlen(pcontent); - if (plen > MAX_FILE_LEN) { + if (plen > VIR_MAX_FILE_LEN) { vah_error(NULL, 0, _("invalid length for new profile")); goto cleanup; } @@ -299,7 +299,7 @@ create_profile(const char *profile, const char *profile= _name, return -1; } =20 - if ((tlen =3D virFileReadAll(template, MAX_FILE_LEN, &tcontent)) < 0) { + if ((tlen =3D virFileReadAll(template, VIR_MAX_FILE_LEN, &tcontent)) <= 0) { vah_error(NULL, 0, _("failed to read AppArmor template")); return -1; } @@ -326,7 +326,7 @@ create_profile(const char *profile, const char *profile= _name, if (virtType !=3D VIR_DOMAIN_VIRT_LXC) plen +=3D strlen(replace_files) - strlen(template_end); =20 - if (plen > MAX_FILE_LEN || plen < tlen) { + if (plen > VIR_MAX_FILE_LEN || plen < tlen) { vah_error(NULL, 0, _("invalid length for new profile")); return -1; } @@ -1429,7 +1429,7 @@ vahParseArgv(vahControl * ctl, int argc, char **argv) =20 if (ctl->cmd =3D=3D 'c' || ctl->cmd =3D=3D 'r') { char *xmlStr =3D NULL; - if (virFileReadLimFD(STDIN_FILENO, MAX_FILE_LEN, &xmlStr) < 0) + if (virFileReadLimFD(STDIN_FILENO, VIR_MAX_FILE_LEN, &xmlStr) < 0) vah_error(ctl, 1, _("could not read xml file")); =20 if (get_definition(ctl, xmlStr) !=3D 0 || ctl->def =3D=3D NULL) { diff --git a/src/util/virfile.h b/src/util/virfile.h index 72368495bf..b6bcd1257d 100644 --- a/src/util/virfile.h +++ b/src/util/virfile.h @@ -42,6 +42,9 @@ typedef enum { # define VIR_FILE_MODULE_EXT ".so" #endif =20 +/* 10MB limit for sanity check */ +#define VIR_MAX_FILE_LEN (10 * 1024 * 1024) + ssize_t saferead(int fd, void *buf, size_t count) G_GNUC_WARN_UNUSED_RESUL= T; ssize_t safewrite(int fd, const void *buf, size_t count) G_GNUC_WARN_UNUSED_RESULT; --=20 2.31.1 From nobody Sun May 5 15:14:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1626871621; cv=none; d=zohomail.com; s=zohoarc; b=k4Hvtlcb4M5LaTUXWMLx2wsCZ/KbyPOTHh+RGWBUw3dZPs8IgnbXo+aGTK9ez4Q0ZgH9IiXXMNWXHCRRbbPpPFggDSEsj8Onlz0dmE0S+w2zlGisETQnosh/hsbkLYRH9XjqOAk6cCPEd21vWCq3Sd8Kb3gRz5+r+ZAOmgA8GEg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626871621; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=PlTXMVTO8P6tjhLDqV+ielEgSz4pjXJSUcX5wCwJWaM=; b=m/u588i+s6ZlKomv96DfXwwBZWLIVS9cNERa5bwk74wnz3Pnnd4uQD2Z7eRJvZyFo1Y8buZWBw70yLGT7V2Vgxr/xSXGgPWbn2lfbOvGAGpDytEaM0YLNCcbNRpvxBmQdFSH3BhQ2R8WMCWASEmqWNCSC+0XGxRb/cXlLFILEPU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1626871621608187.48626188729884; Wed, 21 Jul 2021 05:47:01 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-398-LrAw2hlNPuKHEUfcNocIgw-1; Wed, 21 Jul 2021 08:46:59 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0192B802B7F; Wed, 21 Jul 2021 12:46:54 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D20AF19C79; Wed, 21 Jul 2021 12:46:53 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9D5DB4BB7C; Wed, 21 Jul 2021 12:46:53 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 16LCkoiA023562 for ; Wed, 21 Jul 2021 08:46:50 -0400 Received: by smtp.corp.redhat.com (Postfix) id BC51B84A10; Wed, 21 Jul 2021 12:46:50 +0000 (UTC) Received: from work.speedport.ip (ovpn-113-159.ams2.redhat.com [10.36.113.159]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0F97763BAE; Wed, 21 Jul 2021 12:46:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626871620; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=PlTXMVTO8P6tjhLDqV+ielEgSz4pjXJSUcX5wCwJWaM=; b=PyGkR4vmcWeeYIkjzaBfr85Qpgizf05VoBgqEwHCChAjMRDwQXAXxcChlCZKV6WVlLwU6a y0s5Dg8FYsxiIqcs9HtUd+ksi4RPN0yG+A+sgSomDOrLFmhELZx10dBh7CAr6rR44XNJzF mvm9CScOr475c4G4hcRSpEMGRGhaMe4= X-MC-Unique: LrAw2hlNPuKHEUfcNocIgw-1 From: Tim Wiederhake To: libvir-list@redhat.com Subject: [libvirt PATCH 2/4] virfile: Use VIR_MAX_FILE_LEN instead of INT_MAX to limit file size Date: Wed, 21 Jul 2021 14:46:41 +0200 Message-Id: <20210721124643.36824-3-twiederh@redhat.com> In-Reply-To: <20210721124643.36824-1-twiederh@redhat.com> References: <20210721124643.36824-1-twiederh@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Cc: Tim Wiederhake X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1626871622124100005 Content-Type: text/plain; charset="utf-8" The use of INT_MAX as maximum file length is problematic for reasons discussed in the next commit. Signed-off-by: Tim Wiederhake --- tests/networkxml2firewalltest.c | 2 +- tests/testutils.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltes= t.c index 91336a0c55..114e17fbbd 100644 --- a/tests/networkxml2firewalltest.c +++ b/tests/networkxml2firewalltest.c @@ -176,7 +176,7 @@ mymain(void) =20 basefile =3D g_strdup_printf("%s/networkxml2firewalldata/base.args", a= bs_srcdir); =20 - if (virFileReadAll(basefile, INT_MAX, &baseargs) < 0) + if (virFileReadAll(basefile, VIR_MAX_FILE_LEN, &baseargs) < 0) return EXIT_FAILURE; =20 DO_TEST("nat-default"); diff --git a/tests/testutils.c b/tests/testutils.c index 7d87e30a5c..c71e099bf1 100644 --- a/tests/testutils.c +++ b/tests/testutils.c @@ -313,7 +313,7 @@ virTestLoadFileJSON(const char *p, ...) if (!(path =3D virTestLoadFileGetPath(p, ap))) goto cleanup; =20 - if (virFileReadAll(path, INT_MAX, &jsonstr) < 0) + if (virFileReadAll(path, VIR_MAX_FILE_LEN, &jsonstr) < 0) goto cleanup; =20 if (!(ret =3D virJSONValueFromString(jsonstr))) @@ -562,7 +562,8 @@ virTestCompareToFileFull(const char *actual, if (virTestLoadFile(filename, &filecontent) < 0 && !virTestGetRege= nerate()) return -1; } else { - if (virFileReadAll(filename, INT_MAX, &filecontent) < 0 && !virTes= tGetRegenerate()) + if (virFileReadAll(filename, VIR_MAX_FILE_LEN, &filecontent) < 0 && + !virTestGetRegenerate()) return -1; } =20 --=20 2.31.1 From nobody Sun May 5 15:14:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1626871624; cv=none; d=zohomail.com; s=zohoarc; b=fQ2F6IlBc2ADQFZ/HkZLhNf+XmzzACM+k2Hr56Rwi10GyHUEGN8VSNzt0Lflj725dsEPC9TjbDT9qzEp0NrKn3Ua0j7BKZGyEMGhzZb5YbYyT7Xwy5s+usJU3r8M8wsy2mY4fg1Yegb7mEcNHLKdEtl6xsx4jHHQuuq+/fntGGQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626871624; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ILi3uiCD61XjsAIhxfVoScCGkyuWgef4lN3WXXLmKJI=; b=D5Pav6V9SEulyeHXsR2JkGPoJZsNSskkRLGv4TFtHpyvVchVjHJR3r1dq/4eVrxo04moSWEUQiVFCqtDsYxQ1GLlWudd9UkO6YRxw535UJrM6SELuHq+p3r9rzKj1xTDtdQfYDJxB7sHspCp1N0V+BwtUw0eJ0dSfbZeEKfBbyU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1626871624572490.33147681729497; Wed, 21 Jul 2021 05:47:04 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-186-KeVq3WJTPGymeHYae3UCcQ-1; Wed, 21 Jul 2021 08:47:02 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D6DB080415A; Wed, 21 Jul 2021 12:46:56 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A483A17A61; Wed, 21 Jul 2021 12:46:56 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6F6D7181A1FE; Wed, 21 Jul 2021 12:46:56 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 16LCkpgM023568 for ; Wed, 21 Jul 2021 08:46:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id C463684A10; Wed, 21 Jul 2021 12:46:51 +0000 (UTC) Received: from work.speedport.ip (ovpn-113-159.ams2.redhat.com [10.36.113.159]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1A16161F21; Wed, 21 Jul 2021 12:46:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626871623; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ILi3uiCD61XjsAIhxfVoScCGkyuWgef4lN3WXXLmKJI=; b=O4+YJMXi0QUu3XxKYHAs4wU+p2shSs85R9EVrZSUY9Q+j0TNpN6LKzmfjmLMb+225m4MgW YocEMfr11MPN+ziTCKJy5I0LYmq3cnn+UAE3aecPYQa9tdAZ3YMdeZWN0ofyQZXSMquBTt vZHfdWJy/P+DiQYwQb/CVUFpXhgkgVY= X-MC-Unique: KeVq3WJTPGymeHYae3UCcQ-1 From: Tim Wiederhake To: libvir-list@redhat.com Subject: [libvirt PATCH 3/4] virFileReadLimFD: Limit maximum file size to INT_MAX - 1 Date: Wed, 21 Jul 2021 14:46:42 +0200 Message-Id: <20210721124643.36824-4-twiederh@redhat.com> In-Reply-To: <20210721124643.36824-1-twiederh@redhat.com> References: <20210721124643.36824-1-twiederh@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Cc: Tim Wiederhake X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1626871626413100001 Content-Type: text/plain; charset="utf-8" virFileReadLimFD always returns null-terminated data. To that end, it has to add one to the maximum file size. If the maxium file size is INT_MAX, this triggers a signed integer overflow. There is no instance left where a caller would call virFileReadLimFD with a maxium file size of INT_MAX. Make virFileReadLimFD error out if the maximum file size is INT_MAX to prevent the reintroduction of this issue. Signed-off-by: Tim Wiederhake --- src/util/virfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virfile.c b/src/util/virfile.c index 723e1ca6e5..b5600658d5 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -1418,7 +1418,7 @@ virFileReadLimFD(int fd, int maxlen, char **buf) size_t len; char *s; =20 - if (maxlen <=3D 0) { + if ((maxlen <=3D 0) || (maxlen >=3D INT_MAX)) { errno =3D EINVAL; return -1; } --=20 2.31.1 From nobody Sun May 5 15:14:40 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1626871625; cv=none; d=zohomail.com; s=zohoarc; b=ggO2aezKkYUCJiE92H4rrkn2LZ3LOiKTlY5hUJD2ibvY+iCYGsxZBSGN76TWvg78SZi5S5VfHWIl7Dc7Zhb3NUxRct/wReoQYbdBPdVTRDrEnfUjtn5JsBoKBg1faB5Xzn2HYi/lB1kOoD/Y//kTRI0Q1q9xholA/Dnts5fkUrA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626871625; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ryo22P9pKe/mcY6Yb4oerp6XMe060DE/kaIl7+QFleE=; b=RYRznX3Y/zc3lCXwEzY9pMZG+5dErjDmP6xiPXvX7KPZd6YAWuwWQRVX9BQG3X6gLOKPIZ2D89sv3NZDuAq85ho4kQFZ1xJe8dofdsOtF0Vr5CWbC2GWsnWFqL85iNwzrFEQCz14wfS9y3av1kdr+EIK5zq//hTw7f61Oc0TjWw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1626871625123839.8152975735612; Wed, 21 Jul 2021 05:47:05 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-247--GCRIGLBOkC5D4I2zi3eyg-1; Wed, 21 Jul 2021 08:47:02 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4C7EB804141; Wed, 21 Jul 2021 12:46:57 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0AE6F1970E; Wed, 21 Jul 2021 12:46:57 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C6B5C4A7CB; Wed, 21 Jul 2021 12:46:56 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 16LCkqQK023587 for ; Wed, 21 Jul 2021 08:46:52 -0400 Received: by smtp.corp.redhat.com (Postfix) id CF65684A10; Wed, 21 Jul 2021 12:46:52 +0000 (UTC) Received: from work.speedport.ip (ovpn-113-159.ams2.redhat.com [10.36.113.159]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2467E62684; Wed, 21 Jul 2021 12:46:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1626871624; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ryo22P9pKe/mcY6Yb4oerp6XMe060DE/kaIl7+QFleE=; b=GOeRicqPFHkztJbFeyUOP9GHPE7QyalGm4NgSnxPrenkEIc0oPDrpc/gV/pVCWeYIc8fYh 93n7pOHwz43HkEltoxfG557G1MoZfNvo9fTZb6rdanSFx1mqSzIkysECjQ9qaFya+YXWoc Ob0r1xZuEgFKFiqrtToEy82rcz0o2Hc= X-MC-Unique: -GCRIGLBOkC5D4I2zi3eyg-1 From: Tim Wiederhake To: libvir-list@redhat.com Subject: [libvirt PATCH 4/4] ci: Halt on sanitizer errors Date: Wed, 21 Jul 2021 14:46:43 +0200 Message-Id: <20210721124643.36824-5-twiederh@redhat.com> In-Reply-To: <20210721124643.36824-1-twiederh@redhat.com> References: <20210721124643.36824-1-twiederh@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Cc: Tim Wiederhake X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1626871626421100002 Content-Type: text/plain; charset="utf-8" The undefined behaviour sanitizer (UBSAN) defaults to merely printing an error message if it detects undefined behaviour. These error messages often end up in captured output and do not fail the tests, effectively hiding the warning. Make the test cases fail to make the issues visible. Signed-off-by: Tim Wiederhake Reviewed-by: Peter Krempa --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3cb6ff5e6b..4757139fa9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -89,6 +89,8 @@ stages: - meson build --werror -Ddocs=3Ddisabled -Db_lundef=3Dfalse -Db_saniti= ze=3D"$SANITIZER" - ninja -C build; - ninja -C build test; + variables: + UBSAN_OPTIONS: print_stacktrace=3D1:halt_on_error=3D1 =20 # Jobs that we delegate to Cirrus CI because they require an operating # system other than Linux. These jobs will only run if the required --=20 2.31.1