Il 19/04/2014 13:39, Mike Frysinger ha scritto:
From: Tim Comer <com...@gmail.com>

The current code calls accept() without initializing the size parameter
which means the accept call might write too much to the stack.

URL: https://bugs.gentoo.org/486714
Signed-off-by: Tim Comer <com...@gmail.com>
Signed-off-by: Mike Frysinger <vap...@gentoo.org>
---
 fsdev/virtfs-proxy-helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c
index bfecb87..cd291d3 100644
--- a/fsdev/virtfs-proxy-helper.c
+++ b/fsdev/virtfs-proxy-helper.c
@@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t 
gid)
         return -1;
     }

+    size = sizeof(qemu);
     client = accept(sock, (struct sockaddr *)&qemu, &size);
     if (client < 0) {
         do_perror("accept");


Reviewed-by: Paolo Bonzini <pbonz...@redhat.com>

Reply via email to