-
Markus Armbruster authoredparse_acl_file() passes char values to isspace(). Undefined behavior when the value is negative. Not a security issue, because the characters come from trusted $prefix/etc/qemu/bridge.conf and the files it includes. Furthermore, isspace()'s locale-dependence means qemu-bridge-helper uses the user's locale for parsing $prefix/etc/bridge.conf. Feels wrong. Use g_ascii_isspace() instead. This fixes the undefined behavior, and makes parsing of $prefix/etc/bridge.conf locale-independent. Signed-off-by:
Markus Armbruster <armbru@redhat.com>
Message-Id: <20190514180311.16028-2-armbru@redhat.com>Markus Armbruster authoredparse_acl_file() passes char values to isspace(). Undefined behavior when the value is negative. Not a security issue, because the characters come from trusted $prefix/etc/qemu/bridge.conf and the files it includes. Furthermore, isspace()'s locale-dependence means qemu-bridge-helper uses the user's locale for parsing $prefix/etc/bridge.conf. Feels wrong. Use g_ascii_isspace() instead. This fixes the undefined behavior, and makes parsing of $prefix/etc/bridge.conf locale-independent. Signed-off-by:Markus Armbruster <armbru@redhat.com>
Message-Id: <20190514180311.16028-2-armbru@redhat.com>
Loading