Add bounds checking on virDomainGetJobStats RPC call

The return values for the virDomainGetJobStats call were not
bounds checked. This is a robustness issue for clients if
something where to cause corruption of the RPC stream data.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

daemon/remote.c

@@ -4579,6 +4579,13 @@ remoteDispatchDomainGetJobStats(virNetServerPtr server ATTRIBUTE_UNUSED,
                              &nparams, args->flags) < 0)
         goto cleanup;
 
+    if (nparams > REMOTE_DOMAIN_JOB_STATS_MAX) {
+        virReportError(VIR_ERR_RPC,
+                       _("Too many job stats '%d' for limit '%d'"),
+                       nparams, REMOTE_DOMAIN_JOB_STATS_MAX);
+        goto cleanup;
+    }
+
     if (remoteSerializeTypedParameters(params, nparams,
                                        &ret->params.params_val,
                                        &ret->params.params_len,

src/remote/remote_driver.c

@@ -5998,6 +5998,14 @@ remoteDomainGetJobStats(virDomainPtr domain,
              (xdrproc_t) xdr_remote_domain_get_job_stats_ret, (char *) &ret) == -1)
         goto done;
 
+    if (ret.params.params_len > REMOTE_DOMAIN_JOB_STATS_MAX) {
+        virReportError(VIR_ERR_RPC,
+                       _("Too many job stats '%d' for limit '%d'"),
+                       ret.params.params_len,
+                       REMOTE_DOMAIN_JOB_STATS_MAX);
+        goto cleanup;
+    }
+
     *type = ret.type;
 
     if (remoteDeserializeTypedParameters(ret.params.params_val,

src/remote/remote_protocol.x

@@ -237,6 +237,9 @@ const REMOTE_NODE_MEMORY_PARAMETERS_MAX = 64;
 /* Upper limit on migrate parameters */
 const REMOTE_DOMAIN_MIGRATE_PARAM_LIST_MAX = 64;
 
+/* Upper limit on number of job stats */
+const REMOTE_DOMAIN_JOB_STATS_MAX = 16;
+
 /* UUID.  VIR_UUID_BUFLEN definition comes from libvirt.h */
 typedef opaque remote_uuid[VIR_UUID_BUFLEN];
 
@@ -2196,7 +2199,7 @@ struct remote_domain_get_job_stats_args {
 
 struct remote_domain_get_job_stats_ret {
     int type;
-    remote_typed_param params<>;
+    remote_typed_param params<REMOTE_DOMAIN_JOB_STATS_MAX>;
 };