Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292)
authorDaniel P. Berrange <berrange@redhat.com>
Mon, 19 Aug 2013 13:55:21 +0000 (14:55 +0100)
committerDaniel P. Berrange <berrange@redhat.com>
Thu, 29 Aug 2013 14:49:54 +0000 (15:49 +0100)
commitc30273ffba1579560548a16da063b95a8c9a1dc9
treefc18a1bcb6dfaae7e981cb939faf229a94047baf
parent7d7e29bb939e3caabe8ddfef42bb44c0011436f3
Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292)

The parameters for the virDomainMigrate*Params RPC calls were
not bounds checks, meaning a malicious client can cause libvirtd
to consume arbitrary memory

This issue was introduced in the 1.1.0 release of libvirt

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit fd6f6a48619eb221afeb1c5965537534cd54e01d)
daemon/remote.c
src/remote/remote_driver.c
src/remote/remote_protocol.x