virconf: Fix numeric overflow when parsing numbers in conf files
authorPeter Krempa <pkrempa@redhat.com>
Fri, 6 Sep 2024 12:29:18 +0000 (14:29 +0200)
committerPeter Krempa <pkrempa@redhat.com>
Fri, 6 Sep 2024 16:14:34 +0000 (18:14 +0200)
The number is parsed manually without making sure it'll fit.

Fixes: 3bbac7cdb67
Closes: https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src/util/virconf.c

index 8fdf40e9d0e271aa5f3d34d5a22c24153c1ebc6b..da07af178d93b9c055df8631e37677e38c927bdc 100644 (file)
@@ -347,6 +347,12 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val)
         return -1;
     }
     while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) {
+        if (l > LLONG_MAX / 10) {
+            virConfError(ctxt, VIR_ERR_OVERFLOW,
+                         _("numeric overflow in conf value"));
+            return -1;
+        }
+
         l = l * 10 + (CUR - '0');
         NEXT;
     }
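Review bot: The added guard `if (l > LLONG_MAX / 10)` covers the multiplication but not the addition that follows it. When `l == LLONG_MAX / 10` and the next digit is 8 or 9, `l * 10 + (CUR - '0')` still exceeds LLONG_MAX, which is signed overflow (undefined behaviour), assuming `l` is a `long long` as the `val` parameter suggests; its declaration is outside the hunk. Folding the digit into the bound closes the gap: `if (l > (LLONG_MAX - (CUR - '0')) / 10) {`. A conf-parsing test with the value 9223372036854775808 would pin the boundary. The body of virConfParseLong starts and ends outside this hunk, so how the sign is applied afterwards is not visible here.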