[pve-devel] applied: [PATCH cluster 1/2] cfs-utils cluster_config_version: actually enforce config_length when matching

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Aug 29 19:48:04 CEST 2019


Fix out-of-bound read found with AddressSanitizer

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 data/src/cfs-utils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/src/cfs-utils.c b/data/src/cfs-utils.c
index 2c91621..acf65b2 100644
--- a/data/src/cfs-utils.c
+++ b/data/src/cfs-utils.c
@@ -167,9 +167,9 @@ cluster_config_version(
 	GRegex *regex;
 	GMatchInfo *match_info;
 	guint64 version = 0;
-	
+
 	regex = g_regex_new ("config_version\\s*:\\s*(\\d+)", 0, 0, NULL);
-	g_regex_match (regex, config_data, 0, &match_info);
+	g_regex_match_full(regex, config_data, config_length, 0, 0, &match_info, NULL);
 	if (g_match_info_matches (match_info)) {
 		gchar *word = g_match_info_fetch (match_info, 1);
 		if (strlen(word)) {
-- 
2.20.1




More information about the pve-devel mailing list