Read-only mirror. Please submit merge requests / issues to https://gitlab.com/libvirt/libvirt
Laine Stump f9f9699f40 util: eliminate "use after free" in callers of virNetDevLinkDump
virNetDevLinkDump() gets a message from netlink into "resp", then
calls nlmsg_parse() to fill the table "tb" with pointers into resp. It
then returns tb to its caller, but not before freeing the buffer at
resp. That means that all the callers of virNetDevLinkDump() are
examining memory that has already been freed. This can be verified by
filling the buffer at resp with garbage prior to freeing it (or, I
suppose, just running libvirtd under valgrind) then performing some
operation that calls virNetDevLinkDump().

The code has been like this ever since virNetDevLinkDump() was written
- the original author didn't notice it, and neither did later
additional users of the function. It has only been pure luck (or maybe
a lack of heavy load, and/or maybe an allocation algorithm in malloc()
that delays re-use of just-freed memory) that has kept this from
causing errors, for example when configuring a PCI passthrough or
macvtap passthrough network interface.

The solution taken in this patch is the simplest - just return resp to
the caller along with tb, then have the caller free it after they are
finished using the data (pointers) in tb. I alternately could have
made a cleaner interface by creating a new struct that put tb and resp
together along with a vir*Free() function for it, but this function is
only used in a couple places, and I'm not sure there will be
additional new uses of virNetDevLinkDump(), so the value of adding a
new type, extra APIs, etc. is dubious.
2014-10-26 12:23:23 -04:00
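
The ownership problem described in the commit message above, shown as an added example (not libvirt's code and not part of the commit). It assumes a constructed type/length/payload buffer in place of a real netlink reply, and the names parse_attrs, link_dump and get_link_index are hypothetical; no libnl calls are used.

```c
#include <stdlib.h>
#include <string.h>
#define ATTR_MAX 4
/* Constructed sample response: TLV attributes (type, length, payload). */
const unsigned char sample_resp[] = { 1, 4, 'e', 't', 'h', '0', 2, 1, 7 };

/* Fills tb[] with pointers INTO buf, the way nlmsg_parse() fills its table. */
int parse_attrs(const unsigned char *buf, size_t len, const unsigned char **tb)
{
    size_t off = 0;
    memset(tb, 0, ATTR_MAX * sizeof(*tb));
    while (off + 2 <= len) {
        size_t alen = buf[off + 1];
        if (off + 2 + alen > len)
            return -1;                 /* truncated attribute */
        if (buf[off] < ATTR_MAX)
            tb[buf[off]] = buf + off;  /* borrowed pointer, not a copy */
        off += 2 + alen;
    }
    return off == len ? 0 : -1;
}

/* Pre-fix shape: free(resp) ran before returning, so every tb[i] dangled.
 * Post-fix shape (below): resp is returned and the caller owns it. */
int link_dump(void **resp_out, const unsigned char **tb)
{
    unsigned char *resp = malloc(sizeof(sample_resp)); /* stands in for reply */
    *resp_out = NULL;
    if (!resp) return -1;
    memcpy(resp, sample_resp, sizeof(sample_resp));
    if (parse_attrs(resp, sizeof(sample_resp), tb) < 0) {
        free(resp);                    /* error path: nothing escapes */
        return -1;
    }
    *resp_out = resp;
    return 0;
}

/* Caller: copy what it needs out of tb, then release the backing buffer. */
int get_link_index(void)
{
    const unsigned char *tb[ATTR_MAX];
    void *resp = NULL;
    int idx = -1;
    if (link_dump(&resp, tb) == 0 && tb[2] && tb[2][1] == 1)
        idx = tb[2][2];
    free(resp);
    return idx;
}
```
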
.gnulib@9565c3be73 maint: update to latest gnulib 2014-09-06 19:14:43 -06:00
build-aux maint: improve syntax check for space around = 2014-08-12 11:21:17 -06:00
daemon tunable_event: extend debug message and tweak limit for remote message 2014-09-25 10:56:04 +02:00
docs Move virConnect related APIs out of libvirt.h.in 2014-10-24 17:23:51 +01:00
examples event_example: cleanup example code for tunable event 2014-09-26 09:33:58 +02:00
gnulib maint: update to latest gnulib 2014-01-01 06:02:47 -07:00
include Fix preprocessor indentation in libvirt.h.in 2014-10-24 17:23:52 +01:00
m4 build: prefer -fstack-protector-strong to -all 2014-06-12 08:16:03 +02:00
po Move virConnect/virNode related APIs out of libvirt.c 2014-10-24 16:59:58 +01:00
src util: eliminate "use after free" in callers of virNetDevLinkDump 2014-10-26 12:23:23 -04:00
tests tests: Add SELINUX_LIBS to fix viridentitytest linker bug 2014-10-24 12:01:10 -06:00
tools virsh: domain: Use global constant for XML file size limit 2014-10-14 10:04:31 +02:00
.ctags maint: Make ctags work out of the box 2013-07-18 08:47:21 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore daemon: use socket activation with systemd 2014-08-22 09:12:14 +02:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap maint: update .mailmap 2014-10-06 08:23:47 -06:00
AUTHORS.in Cleanup maintainers list 2014-10-15 10:16:47 +02:00
autobuild.sh Disable libvirtd by default when building on Win32 2014-04-29 11:30:32 +01:00
autogen.sh maint: detect VPATH builds when checking for gnulib update 2014-06-04 16:06:55 -06:00
bootstrap maint: update to latest gnulib 2014-01-01 06:02:47 -07:00
bootstrap.conf Add helpers for getting env vars in a setuid environment 2013-10-21 14:03:52 +01:00
cfg.mk Fix preprocessor indentation in libvirt.h.in 2014-10-24 17:23:52 +01:00
ChangeLog-old Fix typos in src/* 2014-04-21 16:49:08 -06:00
config-post.h build: fix build of virt-login-shell on systems with older gnutls 2013-10-22 09:41:50 -06:00
configure.ac configure: improve misleading libnl3-devel missing error message 2014-10-03 16:08:44 +02:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
HACKING doc: HACKING: Regenerate after recent change 2014-10-22 17:50:08 +02:00
libvirt-lxc.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt-qemu.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.spec.in Move virConnect related APIs out of libvirt.h.in 2014-10-24 17:23:51 +01:00
Makefile.am examples: Introduce domtop 2014-07-18 16:39:54 +02:00
Makefile.nonreentrant maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
mingw-libvirt.spec.in Move virConnect related APIs out of libvirt.h.in 2014-10-24 17:23:51 +01:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking docs: update README-hacking 2014-05-06 16:20:24 -06:00
run.in Add PKG_CONFIG_PATH to run.in script. 2014-06-26 14:32:35 +01:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aims at providing a
long-term stable C API, initially for the Xen paravirtualization, but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>