[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] qga: check length of command-line & environment
From: |
P J P |
Subject: |
Re: [Qemu-devel] [PATCH] qga: check length of command-line & environment variables |
Date: |
Fri, 11 Jan 2019 15:22:51 +0530 (IST) |
+-- On Mon, 7 Jan 2019, P J P wrote --+
| Qemu guest agent while executing user commands does not seem to
| check length of argument list and/or environment variables passed.
| It may lead to integer overflow or infinite loop issues. Add check
| to avoid it.
|
| - size_t str_size = 1;
| + size_t str_size = 1, args_max;
|
| + args_max = sysconf(_SC_ARG_MAX);
Looks like sysconf()/_SC_ARG_MAX declarations aren't available. Is it okay to
include header <unistd.h> ?
===
diff --git a/qga/commands.c b/qga/commands.c
--- a/qga/commands.c
+++ b/qga/commands.c
@@ -18,6 +18,7 @@
#include "qemu/atomic.h"
+#include <unistd.h>
===
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F