Message ID | 1397929197-21234-1-git-send-email-vapier@gentoo.org |
---|---|
State | New |
Headers | show |
Il 19/04/2014 13:39, Mike Frysinger ha scritto: > From: Tim Comer <comer0@gmail.com> > > The current code calls accept() without initializing the size parameter > which means the accept call might write too much to the stack. > > URL: https://bugs.gentoo.org/486714 > Signed-off-by: Tim Comer <comer0@gmail.com> > Signed-off-by: Mike Frysinger <vapier@gentoo.org> > --- > fsdev/virtfs-proxy-helper.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c > index bfecb87..cd291d3 100644 > --- a/fsdev/virtfs-proxy-helper.c > +++ b/fsdev/virtfs-proxy-helper.c > @@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid) > return -1; > } > > + size = sizeof(qemu); > client = accept(sock, (struct sockaddr *)&qemu, &size); > if (client < 0) { > do_perror("accept"); > Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
20.04.2014 01:00, Paolo Bonzini wrote: > Il 19/04/2014 13:39, Mike Frysinger ha scritto: >> From: Tim Comer <comer0@gmail.com> >> >> The current code calls accept() without initializing the size parameter >> which means the accept call might write too much to the stack. Applied to -trivial, thanks! /mjt
diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c index bfecb87..cd291d3 100644 --- a/fsdev/virtfs-proxy-helper.c +++ b/fsdev/virtfs-proxy-helper.c @@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid) return -1; } + size = sizeof(qemu); client = accept(sock, (struct sockaddr *)&qemu, &size); if (client < 0) { do_perror("accept");