On 16/04/2018 13:17, Daniel P. Berrangé wrote:
> A user trying out SMBIOS "OEM strings" feature reported that the data
> they are exposing to the guest was truncated at 1023 bytes, which breaks
> the app consuming in the guest. After searching for the cause I
> eventually found that the QemuOpts parsing is using fixed length 1024
> byte array for option values and 128 byte array for key names.
> 
> We can certainly debate whether it is sane to have such long command
> line argument values (it is not sane), but if the OS was capable of
> exec'ing QEMU with such an ARGV array, there is little good reason for
> imposing an artificial length restriction when parsing it. Even worse is
> that we silently truncate without reporting an error when hitting limits
> resulting in a semantically incorrect behaviour, possibly even leading
> to security flaws depending on the data that was truncated.
> 
> Thus this patch series removes the artificial length limits by killing
> the fixed length buffers.
> 
> Separately I intend to make it possible to read "OEM strings" data from
> a file, to avoid need to have long command line args.
> 
> Daniel P. Berrangé (3):
>   accel: use g_strsplit for parsing accelerator names
>   opts: don't silently truncate long parameter keys
>   opts: don't silently truncate long option values
> 
>  accel/accel.c          |  16 +++---
>  hw/i386/multiboot.c    |  33 +++++++----
>  include/qemu/option.h  |   3 +-
>  tests/test-qemu-opts.c |  18 ------
>  util/qemu-option.c     | 150 ++++++++++++++++++++++++++-----------------------
>  5 files changed, 108 insertions(+), 112 deletions(-)
> 

Queued, thanks.

Paolo
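Added example, not part of this thread and not QEMU's own code: a constructed illustration of the silent-truncation behaviour the cover letter describes, with the 128-byte key and 1024-byte value arrays beside a parse that allocates exact-size copies and reports failure instead of dropping data. All function names (parse_fixed, parse_dynamic, demo_len) and the "type=AAAA..." input are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example, not QEMU code: the limits named in the cover letter. */
#define KEY_MAX   128
#define VALUE_MAX 1024

/* Old-style parse of "key=value" into fixed arrays. Returns the stored value
 * length; anything past the buffer sizes is dropped without any error. */
size_t parse_fixed(const char *opt, char *key, char *value)
{
    const char *eq = strchr(opt, '=');
    if (!eq) return 0;
    size_t klen = (size_t)(eq - opt);
    if (klen >= KEY_MAX) klen = KEY_MAX - 1;   /* silent truncation */
    memcpy(key, opt, klen); key[klen] = '\0';
    strncpy(value, eq + 1, VALUE_MAX - 1);     /* silent truncation */
    value[VALUE_MAX - 1] = '\0';
    return strlen(value);
}

/* Hardened parse: exact-size heap copies, so no length limit exists, and
 * failure (malformed input, allocation) is reported instead of hidden. */
int parse_dynamic(const char *opt, char **key, char **value)
{
    const char *eq = strchr(opt, '=');
    *key = *value = NULL;
    if (!eq || eq == opt) return -1;
    size_t klen = (size_t)(eq - opt), vlen = strlen(eq + 1);
    *key = malloc(klen + 1); *value = malloc(vlen + 1);
    if (!*key || !*value) { free(*key); free(*value); *key = *value = NULL; return -1; }
    memcpy(*key, opt, klen); (*key)[klen] = '\0';
    memcpy(*value, eq + 1, vlen + 1);
    return 0;
}

/* Feeds "type=" plus n 'A' bytes (constructed input) to one of the parsers and
 * returns the value length that survives; 0 signals a reported failure. */
size_t demo_len(size_t n, int use_dynamic)
{
    char fkey[KEY_MAX], fval[VALUE_MAX], *key, *val, *opt = malloc(6 + n);
    size_t len = 0;
    if (!opt) return 0;
    memcpy(opt, "type=", 5); memset(opt + 5, 'A', n); opt[5 + n] = '\0';
    if (!use_dynamic) len = parse_fixed(opt, fkey, fval);
    else if (parse_dynamic(opt, &key, &val) == 0) { len = strlen(val); free(key); free(val); }
    free(opt);
    return len;
}
```

With a 2000-byte value the fixed-buffer parser keeps exactly 1023 bytes, the figure the user in the cover letter reported, while the exact-size parser keeps all 2000.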
