qubes-restore: fix buffer reading loop

It would work twice, but no more.

Also guard explicitly against buffer overflow, since once that
code actually works, sizeof(buf)-buflen will be interpreted as
a large positive value, and allow overwriting the stack.
Vincent Penquerc'h 2013-12-30 09:20:16 -05:00 committed by Marek Marczykowski-Górecki
parent 67c198552b
commit 702cd90c4d


@ -268,8 +268,14 @@ void fix_conffile(FILE *conf, int conf_templ, int dispid, int netvm_id)
perror("lseek vm conf");
exit(1);
}
while ((cur_len = read(conf_templ, buf+cur_len, sizeof(buf)-cur_len)) > 0) {
while ((cur_len = read(conf_templ, buf+buflen, sizeof(buf)-buflen)) > 0) {
buflen+=cur_len;
if (buflen >= sizeof(buf)) {
/* We'll false positive if the file is exactly sizeof(buf) bytes,
as we don't know if there's any more stuff in the file */
fprintf(stderr, "vm conf too large\n");
exit(1);
}
}
if (cur_len < 0) {
perror("read vm conf");
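Review bot: The new guard `if (buflen >= sizeof(buf))` compares against an unsigned `size_t`, but `buflen` and `cur_len` are declared outside this hunk, so their signedness and the initial value of `buflen` cannot be confirmed from here. If either is a plain `int`, the bound holds only because the `read()` length is already capped at `sizeof(buf)-buflen`; declaring them as `size_t buflen = 0;` and `ssize_t cur_len;` would match `read()`'s return type and keep the subtraction from ever being evaluated on a negative value. The false-positive comment could also record the invariant later code can rely on, e.g. `/* after the loop buflen < sizeof(buf), so one byte of buf is always free */`, which holds provided `buflen` starts at 0. fix_conffile's body starts before and continues after the hunk.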