qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] Security house-cleaning


From: Tim
Subject: [Qemu-devel] [PATCH] Security house-cleaning
Date: Wed, 16 Jun 2004 21:38:38 -0700
User-agent: Mutt/1.5.6+20040523i

After noticing the string format vulnerability the other day, I decided
to do a quick audit of calls to commonly mis-used string functions.  I
came across a few that looked a bit troublesome, in a security sense, so
I have updated them to their safer, length-checking counterparts.

I have to say, the core QEMU code is quite clean, and I feel that much
more confident in using it for honeypot projects later on. ;-)  The
biggest culprit in terms of potential overflows, was the slirp code.
There were some disturbing instances where strings were being pulled
directly from the command line and tossed into a fixed-length buffer
with no checks. =-X  I can't say that I understand at all how slirp
works, so I don't know if it is exploitable.

I will continue to develop this patch, as I monitor and test the newest
code on HEAD.  I do not currently use many parts of the codebase in my
testing though, so be sure to test the patch well before committing it,
particularly the slirp changes.

thanks,
tim

PS - a README is included for you Hetz, if you want to place it on your
site. 

Attachment: security_20040616.tar.gz
Description: Binary data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]