qemu-devel
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 1/1 v3] Allow machines to configure the QEMU_VERSION that's exposed via hardware
Date: Fri, 13 Apr 2012 13:26:25 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1

On 04/13/2012 01:16 PM, Crístian Viana wrote:
> Based on the following conversation:
> 
> http://mid.gmane.org/address@hidden
> 
>> Which reminds me - qemu sticks the release version in
>> guest visible places like CPU version.
>> This is wrong and causes windows guests to print messages
>> about driver updates when you switch.
>> We should find all these places and stop doing this.
> 
> There is a new field on the struct QEmuMachine, hw_version, which may
> contain the version that the specific machine should report. If that
> field is set, then that machine will report that version to the virtual
> machine.
> 

> +++ b/hw/nseries.c
> @@ -1247,7 +1247,7 @@ static int n8x0_atag_setup(void *p, int model)
>      stw_raw(w ++, 24);                               /* u16 len */
>      strcpy((void *) w, "hw-build");          /* char component[12] */
>      w += 6;
> -    strcpy((void *) w, "QEMU " QEMU_VERSION);        /* char version[12] */
> +    sprintf((void *) w, "QEMU %s", qemu_get_version()); /* char version[12] 
> */
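Review bot: the sprintf() on the `+` line writes into a field the comment documents as `char version[12]` with a string whose length is now decided at run time by qemu_get_version(), so any version longer than 6 characters (12 minus the 5-byte "QEMU " prefix and the NUL) runs past version[12] into whatever follows it in the ATAG buffer; the strcpy() it replaces was only safe because QEMU_VERSION is a compile-time constant whose length could be checked against the field. Bound the write, e.g. `snprintf((void *) w, 12, "QEMU %s", qemu_get_version());` (or an equivalent bounded copy), and decide explicitly whether an over-long version is truncated here or rejected where it is set, so the guest-visible field never depends on an unchecked string length.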


> @@ -242,3 +244,12 @@ ssize_t qemu_recv_full(int fd, void *buf, size_t count, 
> int flags)
>      return total;
>  }
>  
> +void qemu_set_version(const char *version)
> +{
> +    qemu_version = version;
> +}
> +
> +const char *qemu_get_version(void)
> +{
> +    return qemu_version;
> +}
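Review bot: qemu_set_version() stores the caller's pointer rather than a copy and performs no validation, so the lifetime of `version` becomes the caller's responsibility and an over-long string is accepted here only to overflow fixed-size guest-visible fields elsewhere (the 12-byte version[] written in the nseries.c hunk); the hunk also does not show how `qemu_version` is declared or initialized, so it is unclear what qemu_get_version() returns for machines that never call the setter. Suggest documenting (or enforcing) a default of QEMU_VERSION when nothing has been set, and adding a length limit or a copy into a fixed-size buffer in the setter, so there is a single place that guarantees the string fits every field it is later written to.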

qemu_get_version returns whatever string got put there by
qemu_set_version.  Am I correct that the user has full control over the
string passed to qemu_set_version?  If so, then you have a bug in
nseries.c: sprintf() is asking for a buffer overflow.  Remember,
QEMU_VERSION has a compile-time fixed length, but if qemu_get_version()
is an arbitrary user string, you no longer have a guarantee that you fit
in version[12].  Besides, since you are only pasting in a single string,
you could do this more efficiently through a strcat() variant instead of
switching to snprintf() (I'm not sure off-hand which qemu_* function is
best for your purpose, but there's probably something out there).

-- 
Eric Blake   address@hidden    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
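As an added example that is not part of Eric's reply or of the QEMU patch: a bounded version of the two pieces under review, showing why a 12-byte version[] filled as "QEMU <ver>" leaves only 6 bytes for the version string, and how a length check when the version is set plus snprintf() when it is written keep an over-long string from running past the field. The names hw_version_set, hw_version_get, fill_version_field and version_field_stays_in_bounds are hypothetical stand-ins for the patch's qemu_set_version()/qemu_get_version() and the sprintf() call, and the default "1.0" is a constructed value.

```c
#include <stdio.h>
#include <string.h>

/* Sizes from the quoted n8x0_atag_setup(): version[] is 12 bytes and is
 * filled as "QEMU <ver>", so <ver> may be at most 12 - 6 = 6 bytes. */
#define ATAG_FIELD_LEN 12
#define VERSION_PREFIX "QEMU "
#define MAX_HW_VERSION_LEN (ATAG_FIELD_LEN - sizeof(VERSION_PREFIX))

/* Hypothetical stand-in for qemu_version; "1.0" is a constructed default. */
static const char *hw_version = "1.0";

/* Bounded stand-in for qemu_set_version(): reject a string that cannot fit
 * the smallest guest-visible field.  Returns 0 if stored, -1 if rejected. */
int hw_version_set(const char *version)
{
    if (version == NULL || strlen(version) > MAX_HW_VERSION_LEN) {
        return -1;
    }
    hw_version = version;
    return 0;
}

const char *hw_version_get(void)
{
    return hw_version;
}

/* Bounded stand-in for the sprintf() in the hunk: snprintf() never writes
 * more than len bytes.  Returns 1 if the whole string fit, 0 if truncated. */
int fill_version_field(char *field, size_t len, const char *version)
{
    int needed = snprintf(field, len, VERSION_PREFIX "%s", version);
    return needed >= 0 && (size_t)needed < len;
}

/* Worked check: write into a 12-byte field followed by a canary byte and
 * report whether the canary survived and the field stayed NUL-terminated. */
int version_field_stays_in_bounds(const char *version)
{
    struct {
        char version[ATAG_FIELD_LEN];
        unsigned char canary;
    } tag = { { 0 }, 0xA5 };

    fill_version_field(tag.version, sizeof(tag.version), version);
    return tag.canary == 0xA5 &&
           memchr(tag.version, '\0', sizeof(tag.version)) != NULL;
}
```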


