src: fix mixup of stack and heap allocated data in auth callback

mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00

In the following recent change:

  commit db72866310
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   Tue Jan 14 10:40:52 2020 +0000

    util: add API for reading password from the console

the fact that "bufptr" pointer may point to either heap or stack
allocated data was overlooked. As a result, when the strdup was
removed, we ended up returning a pointer to the local stack to
the caller. When the caller referenced this stack pointer they
got out garbage which fairly quickly resulted in a crash.

We need to copy the stack buffer into heap memory in the username
case.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

This commit is contained in:

Daniel P. Berrangé

2020-03-05 15:42:53 +00:00

parent c04e25b66c

commit 415e022118

4 changed files with 67 additions and 2 deletions

									
										5

tests/virsh-auth.xml
									
										Normal file
									
												View File
												
				@@ -0,0 +1,5 @@

				<node>

				  <auth>

				    <user>astrochicken</user>

				  </auth>

				</node>

src: fix mixup of stack and heap allocated data in auth callback

5 tests/virsh-auth.xml Normal file Unescape Escape View File

5

tests/virsh-auth.xml Normal file

View File