From: Matthew Daley <mattd@bugfuzz.com>
To: xen-devel@lists.xen.org
Cc: Matthew Daley <mattd@bugfuzz.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Ian Campbell <ian.campbell@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: [PATCH 1/2] xenstore: sanity check incoming message body lengths
Date: Sat, 30 Nov 2013 13:20:04 +1300
Message-ID: <1385770805-1929-2-git-send-email-mattd@bugfuzz.com>
In-Reply-To: <1385770805-1929-1-git-send-email-mattd@bugfuzz.com>
This is for the client-side receiving messages from xenstored, so there
is no security impact, unlike XSA-72.
Coverity-ID: 1055449
Coverity-ID: 1056028
Signed-off-by: Matthew Daley <mattd@bugfuzz.com>
---
tools/xenstore/xs.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
index 261b841..184886f 100644
--- a/tools/xenstore/xs.c
+++ b/tools/xenstore/xs.c
@@ -1145,6 +1145,12 @@ static int read_message(struct xs_handle *h, int nonblocking)
goto error_freemsg;
}
+ /* Sanity check message body length. */
+ if (msg->hdr.len > XENSTORE_PAYLOAD_MAX) {
+ saved_errno = E2BIG;
+ goto error_freemsg;
+ }
+
/* Allocate and read the message body. */
body = msg->body = malloc(msg->hdr.len + 1);
if (body == NULL)
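Review bot: the new `goto error_freemsg` exit for `msg->hdr.len > XENSTORE_PAYLOAD_MAX` returns after the header has been consumed but before any of the body is read, so the stream is left positioned inside the oversized message. Unless the caller treats E2BIG from read_message() as fatal for the handle, the next call would parse body bytes as a header. It is worth confirming that the callers tear down the connection on this error, or saying so in the comment above the check. Separately, the commit message states only that there is no security impact; a sentence saying that the length received from xenstored is otherwise passed unchecked to `malloc(msg->hdr.len + 1)` would explain why the bound is needed and what the two Coverity IDs refer to.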
--
1.7.10.4