-
Notifications
You must be signed in to change notification settings - Fork 663
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
remote: check for negative array lengths before allocation
While the C API entry points will validate non-negative lengths for various parameters, the RPC server de-serialization code will need to allocate memory for arrays before entering the C API. These allocations will thus happen before the non-negative length check is performed. Passing a negative length to the g_new0 function will usually result in a crash due to the negative length being treated as a huge positive number. This was found and diagnosed by ALT Linux Team with AFLplusplus. CVE-2024-2494 Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Found-by: Alexandr Shashkin <dutyrok@altlinux.org> Co-developed-by: Alexander Kuznetsov <kuznetsovam@altlinux.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
- Loading branch information
Showing
2 changed files
with
70 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters