Message-ID: <482D9BA5.20607@codemonkey.ws>
Date: Fri, 16 May 2008 09:35:17 -0500
From: Anthony Liguori
Subject: Re: [Qemu-devel] Use of PATH_MAX
To: Warner Losh
Cc: qemu-devel@nongnu.org

Warner Losh wrote:
> From: Anthony Liguori
> Subject: Re: [Qemu-devel] Use of PATH_MAX
> Date: Fri, 16 May 2008 09:00:39 -0500
>
> As is the use of dynamic buffers. If you don't always test system
> call return value, you can get odd new failures. If you don't provide
> a sane upper bound, then you get DoS attacks...
>

Guests don't provide filenames so no, there is no DoS attack. As long as you handle allocation failures gracefully, it's fine.

The problem with static buffers is that we silently truncate filenames. At best, this means something that should work, won't. At worst, this means that instead of opening the file you meant to open, you'll open a file that you didn't mean to open and overwrite the data.

Regards,

Anthony Liguori

> Warner
>
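The truncation failure discussed in this message, as an added example that is not part of the original e-mail or of QEMU's code: a fixed buffer silently turns one filename into another, while a checked or dynamically sized join does not. `DEMO_PATH_MAX`, the function names and the sample path are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a tiny bound standing in for PATH_MAX so truncation is visible. */
#define DEMO_PATH_MAX 13

/* Static buffer, return value ignored: an over-long path is cut silently. */
static void join_truncating(char *out, size_t len, const char *dir, const char *name)
{
    (void)snprintf(out, len, "%s/%s", dir, name);
}

/* Static buffer, but truncation is reported: -1 if the path does not fit. */
static int join_checked(char *out, size_t len, const char *dir, const char *name)
{
    int n = snprintf(out, len, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Dynamic buffer sized from the inputs; NULL means allocation failed. */
static char *join_dynamic(const char *dir, const char *name)
{
    int n = snprintf(NULL, 0, "%s/%s", dir, name);   /* measure first */
    if (n < 0)
        return NULL;
    char *p = malloc((size_t)n + 1);
    if (p != NULL)
        (void)snprintf(p, (size_t)n + 1, "%s/%s", dir, name);
    return p;
}

int main(void)
{
    char buf[DEMO_PATH_MAX];
    const char *dir = "/vm", *name = "disk.img.new";   /* constructed sample */

    join_truncating(buf, sizeof buf, dir, name);
    printf("truncating: %s\n", buf);                   /* names a different file */
    if (join_checked(buf, sizeof buf, dir, name) != 0)
        printf("checked:    refused, path too long\n");
    char *p = join_dynamic(dir, name);
    if (p == NULL)
        return 1;                                      /* allocation failure handled */
    printf("dynamic:    %s\n", p);
    free(p);
    return 0;
}
```

With the sample input the unchecked join yields `/vm/disk.img`, a valid path to a different file than the `/vm/disk.img.new` that was requested.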