Bug 597135 - guestfish write-file cmd does not check "size" parameter
Summary: guestfish write-file cmd does not check "size" parameter
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libguestfs
Version: unspecified
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Richard W.M. Jones
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-05-28 08:18 UTC by Pengzhen Cao
Modified: 2011-07-14 19:12 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-14 19:12:06 UTC


Attachments
guestfish write-file cmd logs (deleted)
2010-05-28 08:18 UTC, Pengzhen Cao

Description Pengzhen Cao 2010-05-28 08:18:43 UTC
Created attachment 417508
guestfish write-file cmd logs

Description of problem:
guestfish write-file cmd does not check the size parameter; this causes two issues:
1. if size is greater than the actual string length, random content will be returned and written to the file. I guess it just overflows the char* pointer address and dumps the XDR buffer to the file
2. if size is negative or a great value that exceeds the XDR buffer, it will cause a "bad address" error

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. run guestfish with an existing image
2. issue cmd: write-file /t.txt "abcdefg" SIZE
3. SIZE could be some value greater than the string length, such as 10000
  
Actual results:
random content will be returned when size is larger than the actual string length

Expected results:
Should not return random content nor "bad address" error, size should be checked in do_write_file function

Additional info:
logs appended
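
The size check the report asks for, as an added C sketch that is not part of the original report and is not libguestfs code. `write_checked` and `demo_roundtrip` are hypothetical names, the input string is constructed, and treating a size of 0 as "write the whole string" is an assumption of this sketch.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not libguestfs code: write `size` bytes of the
 * NUL-terminated `content` to fd only if the string really holds that many.
 * Returns the bytes written, or -1 with errno set. */
static long write_checked(int fd, const char *content, int size)
{
    size_t have = strlen(content), len, done = 0;

    /* Negative sizes and sizes past the terminator are refused rather than
     * read from whatever memory follows the string. */
    if (size < 0 || (size_t)size > have) {
        errno = EINVAL;
        return -1;
    }
    len = size == 0 ? have : (size_t)size;  /* assumption: 0 = whole string */

    while (done < len) {                    /* retry on short writes */
        ssize_t n = write(fd, content + done, len - done);
        if (n == -1) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        done += (size_t)n;
    }
    return (long)done;
}

/* Constructed demo: send "abcdefg" through a pipe with the given size and
 * return how many bytes reached the reader, or -1 if the size was refused. */
static long demo_roundtrip(int size)
{
    int p[2];
    char buf[64];
    long sent, got;

    if (pipe(p) == -1)
        return -2;
    sent = write_checked(p[1], "abcdefg", size);
    close(p[1]);
    got = sent == -1 ? -1 : (long)read(p[0], buf, sizeof buf);
    close(p[0]);
    return got;
}

int main(void) { return demo_roundtrip(10000) == -1 && demo_roundtrip(7) == 7 ? 0 : 1; }
```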

Comment 1 Richard W.M. Jones 2010-06-01 15:22:27 UTC
Patch posted upstream:
https://www.redhat.com/archives/libguestfs/2010-June/msg00012.html

Comment 2 Fedora Update System 2010-06-02 21:12:28 UTC
libguestfs-1.2.9-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/libguestfs-1.2.9-1.el5

Comment 3 Fedora Update System 2010-06-02 21:26:15 UTC
libguestfs-1.2.9-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/libguestfs-1.2.9-1.fc13

Comment 4 Richard W.M. Jones 2010-06-02 21:33:02 UTC
This patch has been pushed upstream.

If this needs to be fixed for RHEL 5 / 6, please clone
this bug and adjust the Product accordingly.

Comment 5 Fedora Update System 2010-06-03 08:48:53 UTC
libguestfs-1.2.9-1.el5.1 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/libguestfs-1.2.9-1.el5.1

