提交 47fb5672 编写于 作者: D Daniel P. Berrange

Add bounds checking on virConnectListAllSecrets RPC call

The return values for the virConnectListAllSecrets call were not
bounds checked. This is a robustness issue for clients if
something where to cause corruption of the RPC stream data.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
上级 12034511
......@@ -4433,6 +4433,13 @@ remoteDispatchConnectListAllSecrets(virNetServerPtr server ATTRIBUTE_UNUSED,
args->flags)) < 0)
goto cleanup;
if (nsecrets > REMOTE_SECRET_LIST_MAX) {
virReportError(VIR_ERR_RPC,
_("Too many secrets '%d' for limit '%d'"),
nsecrets, REMOTE_SECRET_LIST_MAX);
goto cleanup;
}
if (secrets && nsecrets) {
if (VIR_ALLOC_N(ret->secrets.secrets_val, nsecrets) < 0)
goto cleanup;
......
......@@ -3107,6 +3107,13 @@ remoteConnectListAllSecrets(virConnectPtr conn,
(char *) &ret) == -1)
goto done;
if (ret.secrets.secrets_len > REMOTE_SECRET_LIST_MAX) {
virReportError(VIR_ERR_RPC,
_("Too many secrets '%d' for limit '%d'"),
ret.secrets.secrets_len, REMOTE_SECRET_LIST_MAX);
goto cleanup;
}
if (secrets) {
if (VIR_ALLOC_N(tmp_secrets, ret.secrets.secrets_len + 1) < 0)
goto cleanup;
......
......@@ -188,7 +188,7 @@ const REMOTE_SECRET_VALUE_MAX = 65536;
/*
* Upper limit on list of secrets.
*/
const REMOTE_SECRET_UUID_LIST_MAX = 16384;
const REMOTE_SECRET_LIST_MAX = 16384;
/*
* Upper limit on list of CPUs accepted when computing a baseline CPU.
......@@ -2002,7 +2002,7 @@ struct remote_connect_list_secrets_args {
};
struct remote_connect_list_secrets_ret {
remote_nonnull_string uuids<REMOTE_SECRET_UUID_LIST_MAX>; /* insert@1 */
remote_nonnull_string uuids<REMOTE_SECRET_LIST_MAX>; /* insert@1 */
};
struct remote_secret_lookup_by_uuid_args {
......@@ -2728,7 +2728,7 @@ struct remote_connect_list_all_secrets_args {
};
struct remote_connect_list_all_secrets_ret {
remote_nonnull_secret secrets<>;
remote_nonnull_secret secrets<REMOTE_SECRET_LIST_MAX>;
unsigned int ret;
};
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册