qemu-devel


Re: [Qemu-devel] [PATCH] qemu-bridge-helper: restrict bridge name to IFN


From: Daniel P . Berrangé
Subject: Re: [Qemu-devel] [PATCH] qemu-bridge-helper: restrict bridge name to IFNAMSIZ
Date: Fri, 28 Jun 2019 12:32:20 +0100
User-agent: Mutt/1.12.0 (2019-05-25)

On Fri, Jun 28, 2019 at 04:51:31PM +0530, P J P wrote:
> +-- On Fri, 28 Jun 2019, Daniel P. Berrangé wrote --+
> | Can you elaborate on the way to exploit this as I'm not seeing
> | any way that doesn't involve mis-configuration of the ACL
> | config file data.
> 
> True, it depends on having an 'allow all' rule. If the bridge.conf had an 
> 'allow all' rule below
> 
> ==
> deny BridgeLength0xF
> allow all
> ==
> 
> And user supplied name as --br=BridgeLength0xFun
> 
>     if (strcmp(bridge, acl_rule->iface) == 0) {
> 
> the strcmp(3) above would not match the deny ACL rule, because given bridge 
> name is longer. And qemu-bridge-helper would go on to connect the tap device 
> with a bridge that is configured to have access denied.

Ok, so we should explicitly report an error if the user supplied
bridge name is too long, not silently truncate it.

We should also report an error if config file has too long a bridge
name.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
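
An added example, not part of the original message or of the QEMU patch, showing the behaviour this reply asks for: a bridge name that does not fit in IFNAMSIZ, whether supplied by the user or read from the ACL, is an error instead of being truncated. The simplified `struct acl_rule`, the functions `name_fits`, `check_bridge` and `truncation_hits_deny`, and the sample ACL are hypothetical and constructed here; the fallback value for `IFNAMSIZ` is an assumption.

```c
#include <net/if.h>   /* IFNAMSIZ */
#include <stdio.h>
#include <string.h>
#ifndef IFNAMSIZ
#define IFNAMSIZ 16   /* assumed Linux value, used if the header hides it */
#endif

struct acl_rule { int allow; const char *iface; };  /* iface NULL = "all" */
/* Constructed sample mirroring the bridge.conf quoted in the thread. */
static const struct acl_rule sample_acl[] = {
    { 0, "BridgeLength0xF" },   /* deny BridgeLength0xF (15 characters) */
    { 1, NULL },                /* allow all */
};

/* A name is usable only if it is non-empty and fits with its NUL. */
static int name_fits(const char *name)
{
    return name[0] != '\0' && strlen(name) < IFNAMSIZ;
}

/* Returns 1 = allowed, 0 = denied, -1 = over-long name (user or config). */
static int check_bridge(const char *bridge)
{
    if (!name_fits(bridge)) return -1;          /* error out, never truncate */
    for (size_t i = 0; i < sizeof(sample_acl) / sizeof(sample_acl[0]); i++) {
        const struct acl_rule *r = &sample_acl[i];
        if (r->iface && !name_fits(r->iface)) return -1;  /* bad config entry */
        if (!r->iface || strcmp(bridge, r->iface) == 0) return r->allow;
    }
    return 0;                                   /* no rule matched: deny */
}

/* 1 if the name differs from the deny entry as typed but equals it once cut. */
static int truncation_hits_deny(const char *bridge)
{
    char ifname[IFNAMSIZ];
    strncpy(ifname, bridge, IFNAMSIZ - 1);
    ifname[IFNAMSIZ - 1] = '\0';
    return strcmp(bridge, sample_acl[0].iface) != 0 &&
           strcmp(ifname, sample_acl[0].iface) == 0;
}

int main(void)
{
    const char *n[] = { "br0", "BridgeLength0xF", "BridgeLength0xFun" };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s check=%d\n", n[i], check_bridge(n[i]));
    return 0;
}
```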


