From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Xen Coverity Team <coverity@xen.org>,
Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [PATCH for-4.5 1/3] python/xc: Fix multiple issues in pyflask_context_to_sid()
Date: Fri, 28 Nov 2014 11:47:11 +0000 [thread overview]
Message-ID: <547860BF.1000400@citrix.com> (raw)
In-Reply-To: <1417174620.23604.12.camel@citrix.com>
On 28/11/14 11:37, Ian Campbell wrote:
> On Thu, 2014-11-27 at 12:34 +0000, Andrew Cooper wrote:
>> The error handling from a failed memory allocation should return
>> PyErr_SetFromErrno(xc_error_obj); rather than simply calling it and continuing
>> to the memcpy() below, with the dest pointer being NULL.
>>
>> Furthermore, the context string is simply an input parameter to the hypercall,
>> and is not mutated anywhere along the way. The error handling elsewhere in
>> the function can be simplified by not duplicating it to start with.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> Coverity-IDs: 1055305 1055721
>> CC: Ian Campbell <Ian.Campbell@citrix.com>
>> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
>> CC: Wei Liu <wei.liu2@citrix.com>
>> CC: Xen Coverity Team <coverity@xen.org>
> Acked-by: Ian Campbell <ian.campbell@citrix.com>
>
> This would have been far more obviously correct for 4.5 if you had stuck
> to fixing the issue in the first paragraph.
Hmm - I appear to have missed a detail in the description. One of the
CIDs is to do with putting a string in a new buffer without a NUL
terminator, and passing it as a char* into xc_flask_context_to_sid; the
issue being that anyone expecting things like strlen() to work will be
in for a nasty shock.
One solution to this was strdup(), but as the duplication was
unnecessary anyway, it was easier just to drop it all.
~Andrew
>
>> ---
>> tools/python/xen/lowlevel/xc/xc.c | 21 +++------------------
>> 1 file changed, 3 insertions(+), 18 deletions(-)
>>
>> diff --git a/tools/python/xen/lowlevel/xc/xc.c b/tools/python/xen/lowlevel/xc/xc.c
>> index d95d459..c70b388 100644
>> --- a/tools/python/xen/lowlevel/xc/xc.c
>> +++ b/tools/python/xen/lowlevel/xc/xc.c
>> @@ -2126,8 +2126,6 @@ static PyObject *pyflask_context_to_sid(PyObject *self, PyObject *args,
>> {
>> xc_interface *xc_handle;
>> char *ctx;
>> - char *buf;
>> - uint32_t len;
>> uint32_t sid;
>> int ret;
>>
>> @@ -2137,28 +2135,15 @@ static PyObject *pyflask_context_to_sid(PyObject *self, PyObject *args,
>> &ctx) )
>> return NULL;
>>
>> - len = strlen(ctx);
>> -
>> - buf = malloc(len);
>> - if (!buf) {
>> - errno = -ENOMEM;
>> - PyErr_SetFromErrno(xc_error_obj);
>> - }
>> -
>> - memcpy(buf, ctx, len);
>> -
>> xc_handle = xc_interface_open(0,0,0);
>> if (!xc_handle) {
>> - free(buf);
>> return PyErr_SetFromErrno(xc_error_obj);
>> }
>> -
>> - ret = xc_flask_context_to_sid(xc_handle, buf, len, &sid);
>> -
>> +
>> + ret = xc_flask_context_to_sid(xc_handle, ctx, strlen(ctx), &sid);
>> +
>> xc_interface_close(xc_handle);
>>
>> - free(buf);
>> -
>> if ( ret != 0 ) {
>> errno = -ret;
>> return PyErr_SetFromErrno(xc_error_obj);
>
next prev parent reply other threads:[~2014-11-28 11:47 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-27 12:34 [PATCH for-4.5 0/3] Coverity fixes for python lowlevel libraries Andrew Cooper
2014-11-27 12:34 ` [PATCH for-4.5 1/3] python/xc: Fix multiple issues in pyflask_context_to_sid() Andrew Cooper
2014-11-28 11:37 ` Ian Campbell
2014-11-28 11:47 ` Andrew Cooper [this message]
2014-11-28 12:15 ` Ian Campbell
2014-12-09 14:27 ` Ian Campbell
2014-12-09 14:30 ` Andrew Cooper
2014-12-09 16:20 ` Konrad Rzeszutek Wilk
2014-12-09 16:43 ` [PATCH v2 " Andrew Cooper
2014-12-10 17:13 ` Konrad Rzeszutek Wilk
2014-12-16 17:16 ` Ian Campbell
2014-11-27 12:34 ` [PATCH for-4.5 2/3] python/xc: Fix multiple issues in pyxc_readconsolering() Andrew Cooper
2014-11-28 11:38 ` Ian Campbell
2014-12-01 21:14 ` Konrad Rzeszutek Wilk
2014-12-02 13:50 ` Ian Campbell
2014-12-02 18:47 ` Konrad Rzeszutek Wilk
2014-12-04 13:26 ` Ian Campbell
2014-11-27 12:34 ` [PATCH for-4.5 3/3] python/xs: Correct the indirection of the NULL xshandle() check Andrew Cooper
2014-11-28 11:32 ` Ian Campbell
2014-12-01 21:14 ` Konrad Rzeszutek Wilk
2014-11-28 12:07 ` [PATCH for-4.5 0/3] Coverity fixes for python lowlevel libraries Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=547860BF.1000400@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=coverity@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.