[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] qga: check length of command-line & environm

From: P J P
Subject: Re: [Qemu-devel] [PATCH v2] qga: check length of command-line & environment variables
Date: Wed, 29 May 2019 20:05:28 +0530 (IST)

+-- On Wed, 29 May 2019, Marc-André Lureau wrote --+
| assert() is good if it's a programming error: that is if it should never 
| happen at run-time. It's a decent way to document the code.

  True; But terminating server because a user sent more input parameters does 
not sound good.

  {"error": {"class": "GenericError", "desc": "Guest agent command failed, 
   error was 'Failed to execute child process \u201C/bin/ls\u201D
  (Argument list too long)'"}}

returning an error, as it does, is better IMO.

| >
| > I think same limit will apply to commands coming via QAPIs as well?
| What do you mean? If the generated API is used internally by QEMU?
| (it's not, but in this case there would be no limit)

IIUC, the QAPIs could be used by external libraries/clients to send 
messages/commands to qemu/qemu-ga?

Thank you.
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

reply via email to

[Prev in Thread] Current Thread [Next in Thread]