Add a path length check to prevent heap overflow (Eric Milliken).

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3916 c046a42c-6fe2-441c-8c8c-71466251a162
This commit is contained in:
balrog 2008-01-14 03:48:37 +00:00
parent a78b03cb69
commit b34d259a81

View File

@ -341,6 +341,8 @@ static int vmdk_parent_open(BlockDriverState *bs, const char * filename)
p_name += sizeof("parentFileNameHint") + 1; p_name += sizeof("parentFileNameHint") + 1;
if ((end_name = strchr(p_name,'\"')) == 0) if ((end_name = strchr(p_name,'\"')) == 0)
return -1; return -1;
if ((end_name - p_name) > sizeof (s->hd->backing_file) - 1)
return -1;
strncpy(s->hd->backing_file, p_name, end_name - p_name); strncpy(s->hd->backing_file, p_name, end_name - p_name);
if (stat(s->hd->backing_file, &file_buf) != 0) { if (stat(s->hd->backing_file, &file_buf) != 0) {