SidneyAn 9d0703d95f ensure string "null-terminated" and fix memory overwrite risk. ... Description: 1. once new socket is added, "strncpy" is used to copy instance_name from source string to dest, but it does not guarantee null terminated. 2. there is a memory overwrite risk when it get instance_name from a file's name Solution: 1. we bounded length of string instance_name to ensure it is "null-terminated". 2. limit the copy length when instance_name is get Test Case: 1. success to build and deploy 1 controller + 1 compute (virtual) 2. trigger memory overwrite in a debug version with some logs added. With origin code, "instance_name" in function "file_to_instance_name()" is assigned to a string whose length is greater than its capacity. With patch code, "instance_name" has a limit assign length and a null terminate. Reproduce: To trigger memory overwrite case, a socket file with super long name is generated under "/var/lib/libvirt/qemu/" which is monitored by this software Closes-Bug: 1794704 Signed-off-by: SidneyAn <ran1.an@intel.com> Change-Id: Ifb97e3dc1b59ebdc23cda73731fb02dc342d0520		2018-11-16 05:18:16 +00:00
..
centos	StarlingX open source release updates	2018-05-31 07:36:51 -07:00
host-guest-comm-2.0	ensure string "null-terminated" and fix memory overwrite risk.	2018-11-16 05:18:16 +00:00
PKG-INFO	StarlingX open source release updates	2018-05-31 07:36:51 -07:00