From: Matt Wilson
Subject: [PATCH v2 1/4] minios: correct char array allocation for xenbus paths
Date: Fri, 6 Sep 2013 12:52:04 -0700
Message-ID: <1378497127-809-2-git-send-email-msw@linux.com>
References: <1378497127-809-1-git-send-email-msw@linux.com>
In-Reply-To: <1378497127-809-1-git-send-email-msw@linux.com>
To: xen-devel@lists.xenproject.org
Cc: Ben Cressey, Samuel Thibault, Matt Wilson, Stefano Stabellini
List-Id: xen-devel@lists.xenproject.org

From: Matt Wilson

The char arrays used to hold xenbus paths have historically been
allocated by manually counting the length of the longest string constants
included in constructing the path. This has led to improperly sized
buffers, both too large (with little consequence) and too small (which
obviously causes problems).

This patch corrects the instances where the length was incorrectly
calculated by using strlen() on the longest string constant used in
building a xenbus path. A follow-on clean-up patch will change all
instances to use strlen().

Signed-off-by: Ben Cressey
Cc: Stefano Stabellini
Cc: Samuel Thibault
[msw: split this patch from a larger patch from Ben, reworked to use strlen()]
Signed-off-by: Matt Wilson --- extras/mini-os/blkfront.c | 2 +- extras/mini-os/console/xenbus.c | 2 +- extras/mini-os/fbfront.c | 10 +++++----- extras/mini-os/netfront.c | 2 +- extras/mini-os/pcifront.c | 7 +++++-- 5 files changed, 13 insertions(+), 10 deletions(-) diff --git a/extras/mini-os/blkfront.c b/extras/mini-os/blkfront.c index f4283a9..70976f5 100644 --- a/extras/mini-os/blkfront.c +++ b/extras/mini-os/blkfront.c @@ -254,7 +254,7 @@ void shutdown_blkfront(struct blkfront_dev *dev) XenbusState state; char path[strlen(dev->backend) + 1 + 5 + 1]; - char nodename[strlen(dev->nodename) + 1 + 5 + 1]; + char nodename[strlen(dev->nodename) + strlen("/event-channel") + 1]; blkfront_sync(dev); diff --git a/extras/mini-os/console/xenbus.c b/extras/mini-os/console/xenbus.c index e65baf7..1ecfcc5 100644 --- a/extras/mini-os/console/xenbus.c +++ b/extras/mini-os/console/xenbus.c @@ -158,7 +158,7 @@ done: { XenbusState state; - char path[strlen(dev->backend) + 1 + 19 + 1]; + char path[strlen(dev->backend) + strlen("/state") + 1]; snprintf(path, sizeof(path), "%s/state", dev->backend); xenbus_watch_path_token(XBT_NIL, path, path, &dev->events); diff --git a/extras/mini-os/fbfront.c b/extras/mini-os/fbfront.c index 54a5e67..6eddb3c 100644 --- a/extras/mini-os/fbfront.c +++ b/extras/mini-os/fbfront.c @@ -158,8 +158,8 @@ done: { XenbusState state; - char path[strlen(dev->backend) + 1 + 6 + 1]; - char frontpath[strlen(nodename) + 1 + 6 + 1]; + char path[strlen(dev->backend) + strlen("/state") + 1]; + char frontpath[strlen(nodename) + strlen("/state") + 1]; snprintf(path, sizeof(path), "%s/state", dev->backend); @@ -240,7 +240,7 @@ void shutdown_kbdfront(struct kbdfront_dev *dev) XenbusState state; char path[strlen(dev->backend) + 1 + 5 + 1]; - char nodename[strlen(dev->nodename) + 1 + 5 + 1]; + char nodename[strlen(dev->nodename) + strlen("/request-abs-pointer") + 1]; printk("close kbd: backend at %s\n",dev->backend); 
@@ -521,7 +521,7 @@ done: { XenbusState state; char path[strlen(dev->backend) + 1 + 14 + 1]; - char frontpath[strlen(nodename) + 1 + 6 + 1]; + char frontpath[strlen(nodename) + strlen("/state") + 1]; snprintf(path, sizeof(path), "%s/state", dev->backend); @@ -632,7 +632,7 @@ void shutdown_fbfront(struct fbfront_dev *dev) XenbusState state; char path[strlen(dev->backend) + 1 + 5 + 1]; - char nodename[strlen(dev->nodename) + 1 + 5 + 1]; + char nodename[strlen(dev->nodename) + strlen("/feature-update") + 1]; printk("close fb: backend at %s\n",dev->backend); diff --git a/extras/mini-os/netfront.c b/extras/mini-os/netfront.c index 6fa68a2..ddf56ea 100644 --- a/extras/mini-os/netfront.c +++ b/extras/mini-os/netfront.c @@ -508,7 +508,7 @@ void shutdown_netfront(struct netfront_dev *dev) XenbusState state; char path[strlen(dev->backend) + 1 + 5 + 1]; - char nodename[strlen(dev->nodename) + 1 + 5 + 1]; + char nodename[strlen(dev->nodename) + strlen("/request-rx-copy") + 1]; printk("close network: backend at %s\n",dev->backend); diff --git a/extras/mini-os/pcifront.c b/extras/mini-os/pcifront.c index bbe21e0..f9ae768 100644 --- a/extras/mini-os/pcifront.c +++ b/extras/mini-os/pcifront.c @@ -323,7 +323,7 @@ void shutdown_pcifront(struct pcifront_dev *dev) XenbusState state; char path[strlen(dev->backend) + 1 + 5 + 1]; - char nodename[strlen(dev->nodename) + 1 + 5 + 1]; + char nodename[strlen(dev->nodename) + strlen("/event-channel") + 1]; printk("close pci: backend at %s\n",dev->backend); @@ -379,7 +379,10 @@ int pcifront_physical_to_virtual (struct pcifront_dev *dev, unsigned int *slot, unsigned long *fun) { - char path[strlen(dev->backend) + 1 + 5 + 10 + 1]; + /* FIXME: the buffer sizing is a little lazy here. 10 extra bytes + should be enough to hold the paths we need to construct, even + if the number of devices is large */ + char path[strlen(dev->backend) + strlen("/num_devs") + 10 + 1]; int i, n; char *s, *msg = NULL; unsigned int dom1, bus1, slot1, fun1; -- 1.7.9.5
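Review bot: in shutdown_blkfront the new `nodename` size is only correct while "/event-channel" remains the longest key appended to dev->nodename, and none of the calls that fill the buffer are visible in this hunk to confirm it. The same applies to the other shutdown_* hunks, which pick "/request-abs-pointer", "/feature-update", "/request-rx-copy" and "/event-channel" (pcifront). A short comment at each declaration naming the key that sets the size, or a shared macro that takes the key as an argument, would keep the declaration tied to its uses so that a longer key added later does not bring back a short buffer.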
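Review bot: in the console/xenbus.c hunk the suffix allowance for `path` shrinks from `1 + 19` to strlen("/state"), so the buffer now fits exactly the one string the visible snprintf writes. Because snprintf(path, sizeof(path), ...) truncates instead of overflowing and its return value is not checked here, please confirm that nothing further down this function formats a longer key into `path`. If something does, a truncated path would be used without any error. Comparing the snprintf return value against sizeof(path) would make that case visible.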
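Review bot: in the fbfront.c hunk at @@ -521 the `path` declaration directly above the changed line still reads `char path[strlen(dev->backend) + 1 + 14 + 1];`, although the snprintf that follows writes only "%s/state". The first fbfront.c hunk (@@ -158) converts both `path` and `frontpath`, and the console hunk converts its oversized `path`, so leaving this one hand-counted is inconsistent within the same patch. Suggest converting it to strlen("/state") + 1 here as well, or stating in the commit message that oversized buffers are deliberately left for the follow-on patch.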
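Review bot: in pcifront_physical_to_virtual the buffer is sized as strlen("/num_devs") + 10 + 1, and the added FIXME concedes that the 10 is a guess. The per-device paths this buffer holds are not visible in the hunk, so the declaration cannot be checked against them. Sizing from the longest key actually formatted plus the maximum decimal width of the index (`int i`) would remove the guess, and checking the formatted length against sizeof(path) where the buffer is filled would catch truncation if the assumption ever fails.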