virtfs-proxy-helper: fix call to accept

Message ID	1397929197-21234-1-git-send-email-vapier@gentoo.org
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Mike Frysinger <vapier@gentoo.org> To: qemu-devel@nongnu.org Date: Sat, 19 Apr 2014 13:39:57 -0400 Message-Id: <1397929197-21234-1-git-send-email-vapier@gentoo.org> Cc: aneesh.kumar@linux.vnet.ibm.com, Tim Comer <comer0@gmail.com> Subject: [Qemu-devel] [PATCH] virtfs-proxy-helper: fix call to accept Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1397929197-21234-1-git-send-email-vapier@gentoo.org

State

New

Headers

From: Mike Frysinger <vapier@gentoo.org>
To: qemu-devel@nongnu.org
Date: Sat, 19 Apr 2014 13:39:57 -0400
Message-Id: <1397929197-21234-1-git-send-email-vapier@gentoo.org>
Cc: aneesh.kumar@linux.vnet.ibm.com, Tim Comer <comer0@gmail.com>
Subject: [Qemu-devel] [PATCH] virtfs-proxy-helper: fix call to accept
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Mike Frysinger April 19, 2014, 5:39 p.m. UTC

From: Tim Comer <comer0@gmail.com>

The current code calls accept() without initializing the size parameter
which means the accept call might write too much to the stack.

URL: https://bugs.gentoo.org/486714
Signed-off-by: Tim Comer <comer0@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
 fsdev/virtfs-proxy-helper.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Paolo Bonzini April 19, 2014, 9 p.m. UTC | #1

Il 19/04/2014 13:39, Mike Frysinger ha scritto:
> From: Tim Comer <comer0@gmail.com>
>
> The current code calls accept() without initializing the size parameter
> which means the accept call might write too much to the stack.
>
> URL: https://bugs.gentoo.org/486714
> Signed-off-by: Tim Comer <comer0@gmail.com>
> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
> ---
>  fsdev/virtfs-proxy-helper.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
> index bfecb87..cd291d3 100644
> --- a/fsdev/virtfs-proxy-helper.c
> +++ b/fsdev/virtfs-proxy-helper.c
> @@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid)
>          return -1;
>      }
>
> +    size = sizeof(qemu);
>      client = accept(sock, (struct sockaddr *)&qemu, &size);
>      if (client < 0) {
>          do_perror("accept");
>

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

Michael Tokarev April 27, 2014, 9:11 a.m. UTC | #2

20.04.2014 01:00, Paolo Bonzini wrote:
> Il 19/04/2014 13:39, Mike Frysinger ha scritto:
>> From: Tim Comer <comer0@gmail.com>
>>
>> The current code calls accept() without initializing the size parameter
>> which means the accept call might write too much to the stack.

Applied to -trivial, thanks!

/mjt

diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index bfecb87..cd291d3 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -760,6 +760,7 @@  static int proxy_socket(const char *path, uid_t uid, gid_t gid)
         return -1;
     }
 
+    size = sizeof(qemu);
     client = accept(sock, (struct sockaddr *)&qemu, &size);
     if (client < 0) {
         do_perror("accept");

virtfs-proxy-helper: fix call to accept

Commit Message

Comments

Patch