starlingx
/
nfv
Code Issues Proposed changes
StarlingX NFVI Orchestration
100 Commits 19 Branches 28 Tags 37 MiB
Python 82.8%
JavaScript 7.3%
C++ 6.8%
Shell 1.6%
Handlebars 0.9%
Other 0.6%
Go to file
SidneyAn 9d0703d95f ensure string "null-terminated" and fix memory overwrite risk. 
Description:
1. once new socket is added, "strncpy" is used to copy instance_name
from source string to dest, but it does not guarantee null terminated.
2. there is a memory overwrite risk when it get instance_name from
a file's name

Solution:
1. we bounded length of string instance_name to ensure it is
"null-terminated".
2. limit the copy length when instance_name is get

Test Case:
  1. success to build and deploy 1 controller + 1 compute (virtual)
  2. trigger memory overwrite in a debug version with some logs added.
     With origin code, "instance_name" in function "file_to_instance_name()"
is assigned to a string whose length is greater than its capacity.
     With patch code, "instance_name" has a limit assign length
and a null terminate.

Reproduce:
To trigger memory overwrite case, a socket file with super long name is
generated under "/var/lib/libvirt/qemu/" which is monitored by this software

Closes-Bug: 1794704
Signed-off-by: SidneyAn <ran1.an@intel.com>
Change-Id: Ifb97e3dc1b59ebdc23cda73731fb02dc342d0520
 		2018-11-16 05:18:16 +00:00
api-ref/source [Doc] openstackdocstheme starlingxdocs theme 2018-10-22 14:37:37 +00:00
doc [Doc] openstackdocstheme starlingxdocs theme 2018-10-22 14:37:37 +00:00
guest-agent free memory and file handle when it is no longer in use 2018-11-15 13:40:50 +08:00
guest-client Rename mwa-* subdirectories to match the git repo name 2018-07-03 16:19:19 -04:00
guest-comm ensure string "null-terminated" and fix memory overwrite risk. 2018-11-16 05:18:16 +00:00
mtce-guest Decouple Guest-server/agent from stx-metal 2018-09-19 11:38:04 -04:00
nfv Do not apply NoExecute taint to AIO hosts when locked 2018-11-09 09:21:25 -06:00
nova-api-proxy Create stx-nfv docker image directives file 2018-11-14 15:11:44 -06:00
releasenotes [Doc] openstackdocstheme starlingxdocs theme 2018-10-22 14:37:37 +00:00
.gitignore [Doc] OpenStack API Reference Guide 2018-09-25 14:01:33 -07:00
.gitreview Add .gitreview 2018-05-31 07:36:51 -07:00
.zuul.yaml [Doc] openstackdocstheme starlingxdocs theme 2018-10-22 14:37:37 +00:00
CONTRIBUTORS.wrs StarlingX open source release updates 2018-05-31 07:36:51 -07:00
LICENSE StarlingX open source release updates 2018-05-31 07:36:51 -07:00
README.rst StarlingX open source release updates 2018-05-31 07:36:51 -07:00
centos_guest_image.inc Split image.inc across git repos 2018-08-17 16:07:03 +00:00
centos_guest_image_rt.inc Split image.inc across git repos 2018-08-17 16:07:03 +00:00
centos_iso_image.inc Decouple Guest-server/agent from stx-metal 2018-09-19 11:38:04 -04:00
centos_pike_docker_images.inc Create stx-nfv docker image directives file 2018-11-14 15:11:44 -06:00
centos_pike_wheels.inc Rename centos_wheels.inc to centos_pike_wheels.inc 2018-11-14 15:09:47 -06:00
centos_pkg_dirs Decouple Guest-server/agent from stx-metal 2018-09-19 11:38:04 -04:00
requirements.txt Adding py27 for nfv 2018-07-10 10:18:28 -05:00
test-requirements.txt Adding py27 for nfv 2018-07-10 10:18:28 -05:00
tox.ini fix tox python3 overrides 2018-10-05 10:57:02 +00:00

README.rst

stx-nfv

StarlingX NFVI Orchestration