Red Hat Bugzilla – Bug 597135
guestfish write-file cmd does not check "size" parameter
Last modified: 2011-07-14 15:12:06 EDT
Created attachment 417508 [details]
guestfish write-file cmd logs
Description of problem:
guestfish write-file cmd does not check the size parameter, this cause two issues:
1. if size is greater than the actual string length, random content will returned and written to the file, I guess it just overflow the char* pointer address and dump the XDR buffer to file
2. if size is negative or a great value that exceeds XDR buffer,will cause "bad address" error
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. run guestfish with an existing image
2. issue cmd " write-file /t.txt "abcdefg" SIZE
3. SIZE could be some vaule great than the string leng, such as 10000
random content will return with size larger than actual string length
Should not return random content nor "bad address" error, size should be checked in do_write_file function
Patch posted upstream:
libguestfs-1.2.9-1.el5 has been submitted as an update for Fedora EPEL 5.
libguestfs-1.2.9-1.fc13 has been submitted as an update for Fedora 13.
This patch has been pushed upstream.
If this needs to be fixed for RHEL 5 / 6, please clone
this bug and adjust the Product accordingly.
libguestfs-1.2.9-1.el5.1 has been submitted as an update for Fedora EPEL 5.