Re: [Qemu-devel] [PATCH 17/21] virtio-channel: parse qga stream for VMDU

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 17/21] virtio-channel: parse qga stream for VMDUMP_INFO event
Date: Wed, 5 Apr 2017 12:06:56 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

On 04/05/2017 11:12 AM, Daniel P. Berrange wrote:
> On Sat, Mar 11, 2017 at 05:22:52PM +0400, Marc-André Lureau wrote:
>> On virtio channel "org.qemu.guest_agent.0", parse the json stream until
>> the VMDUMP_INFO is received and retrieve the dump details.

> so we just continually feed data into the json parser until we see the
> event we care about...
> What kind of denial of service protection does our JSON parser have? Now
> that QEMU is directly parsing JSON from QEMU guest agent, it is exposed
> to malicious attack by the guest agent.

Our JSON parser rejects input that exceeds various limits:

#define MAX_TOKEN_SIZE (64ULL << 20)
#define MAX_TOKEN_COUNT (2ULL << 20)
#define MAX_NESTING (1ULL << 10)

> e.g. what happens if the 'vmcoreinfo' string in the JSON doc received from
> the guest ends up being 10GB in size? Is that going to cause our JSON
> parser to allocate QString which is 10GB in size which we'll further
> try to strdup just below too...

The parser will have rejected the guest data long before the 10GB mark.
But our error recovery from that rejection may not be ideal...

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
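As an added illustration, and not code from QEMU or from anyone in this thread: a bounded scanner over an untrusted JSON stream, in the spirit of the limits Eric quotes. It checks token size, token count and nesting depth byte by byte as chunks arrive, so an oversized 'vmcoreinfo' string is refused as soon as it crosses the limit rather than after the whole literal has been buffered. The DEMO_* limits, scan_state and scan_chunk are constructed for this example; the real lexer's constants are the MAX_* ones quoted above.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed limits, deliberately tiny so the checks are easy to hit; QEMU's
 * real lexer uses MAX_TOKEN_SIZE, MAX_TOKEN_COUNT and MAX_NESTING instead. */
#define DEMO_MAX_TOKEN_SIZE  32
#define DEMO_MAX_TOKEN_COUNT 64
#define DEMO_MAX_NESTING     4
enum scan_result { SCAN_OK, SCAN_TOKEN_TOO_LONG, SCAN_TOO_MANY_TOKENS, SCAN_TOO_DEEP };
struct scan_state {
    size_t token_len, token_count; /* bytes in current token; tokens completed */
    int depth;                     /* current {} / [] nesting */
    bool in_string, escaped;       /* inside a "..." literal; last byte was '\' */
};
/* Finish the current token and enforce the token-count limit. */
static enum scan_result end_token(struct scan_state *s)
{
    s->token_len = 0;
    return ++s->token_count > DEMO_MAX_TOKEN_COUNT ? SCAN_TOO_MANY_TOKENS : SCAN_OK;
}
/* Scan one chunk of an untrusted JSON stream without buffering it. State carries
 * across chunks, so an oversized string is rejected the moment its length crosses
 * the limit, not after the whole literal has been received and copied. */
enum scan_result scan_chunk(struct scan_state *s, const char *buf, size_t len)
{
    enum scan_result r = SCAN_OK;
    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        if (s->in_string) {
            if (++s->token_len > DEMO_MAX_TOKEN_SIZE) return SCAN_TOKEN_TOO_LONG;
            if (s->escaped) s->escaped = false; else if (c == '\\') s->escaped = true;
            else if (c == '"') { s->in_string = false; if ((r = end_token(s))) return r; }
            continue;
        }
        if (c == ' ' || c == '\t' || c == '\n' || c == '\r') { /* whitespace ends a bare token */
            if (s->token_len && (r = end_token(s))) return r;
            continue;
        }
        if (c == '"' || c == '{' || c == '[' || c == '}' || c == ']' || c == ',' || c == ':') {
            if (s->token_len && (r = end_token(s))) return r; /* flush a pending bare token */
            if (c == '"') { s->in_string = true; s->token_len = 1; continue; }
            if ((c == '{' || c == '[') && ++s->depth > DEMO_MAX_NESTING) return SCAN_TOO_DEEP;
            if ((c == '}' || c == ']') && s->depth > 0) s->depth--;
            if ((r = end_token(s))) return r;
            continue;
        }
        if (++s->token_len > DEMO_MAX_TOKEN_SIZE) return SCAN_TOKEN_TOO_LONG; /* number, true, null */
    }
    return SCAN_OK;
}
```

A caller would stop reading the channel and discard the partial document on any non-SCAN_OK result, which is the error-recovery step Eric notes may not be ideal in the real parser.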
