Add a path length check to prevent heap overflow (Eric Milliken).
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3916 c046a42c-6fe2-441c-8c8c-71466251a162
This commit is contained in:
parent
a78b03cb69
commit
b34d259a81
@ -341,6 +341,8 @@ static int vmdk_parent_open(BlockDriverState *bs, const char * filename)
|
|||||||
p_name += sizeof("parentFileNameHint") + 1;
|
p_name += sizeof("parentFileNameHint") + 1;
|
||||||
if ((end_name = strchr(p_name,'\"')) == 0)
|
if ((end_name = strchr(p_name,'\"')) == 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
if ((end_name - p_name) > sizeof (s->hd->backing_file) - 1)
|
||||||
|
return -1;
|
||||||
|
|
||||||
strncpy(s->hd->backing_file, p_name, end_name - p_name);
|
strncpy(s->hd->backing_file, p_name, end_name - p_name);
|
||||||
if (stat(s->hd->backing_file, &file_buf) != 0) {
|
if (stat(s->hd->backing_file, &file_buf) != 0) {
|
||||||
|
Loading…
Reference in New Issue
Block a user