From: Eric Blake <eblake@redhat.com>
Date: Wed, 3 Mar 2010 00:16:05 +0000 (-0700)
Subject: uml: avoid crash on partial read
X-Git-Tag: v0.7.7~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4acbb29821391d73bccc2d5b049e8f1e1491308a;p=thirdparty%2Flibvirt.git

uml: avoid crash on partial read

Coverity detected a potential dereference of uninitialized memory
if recvfrom got cut short.

* src/uml/uml_driver.c (umlMonitorCommand): Validate complete read
prior to dereferencing res.
---

diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c
index bbea4295f3..eec239f4ff 100644
--- a/src/uml/uml_driver.c
+++ b/src/uml/uml_driver.c
@@ -733,14 +733,24 @@ static int umlMonitorCommand(virConnectPtr conn,
     }
 
     do {
+        ssize_t nbytes;
         addrlen = sizeof(addr);
-        if (recvfrom(priv->monitor, &res, sizeof res, 0,
-                     (struct sockaddr *)&addr, &addrlen) < 0) {
+        nbytes = recvfrom(priv->monitor, &res, sizeof res, 0,
+                          (struct sockaddr *)&addr, &addrlen) < 0;
+        if (nbytes < 0) {
+            if (errno == EAGAIN || errno == EINTR)
+                continue;
             virReportSystemError(errno,
                                  _("cannot read reply %s"),
                                  cmd);
             goto error;
         }
+        if (nbytes < sizeof res) {
+            virReportSystemError(errno,
+                                 _("incomplete reply %s"),
+                                 cmd);
+            goto error;
+        }
 
         if (VIR_REALLOC_N(retdata, retlen + res.length) < 0) {
             virReportOOMError();