From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ian Campbell Subject: Re: [PATCH v3 1/2] libxc: Don't write terminating NULL character to command string Date: Thu, 7 Jan 2016 13:24:51 +0000 Message-ID: <1452173091.21055.212.camel@citrix.com> References: <1452110602-3570-1-git-send-email-boris.ostrovsky@oracle.com> <1452110602-3570-2-git-send-email-boris.ostrovsky@oracle.com> <20160107111949.GV27789@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20160107111949.GV27789@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Wei Liu , Boris Ostrovsky Cc: jgross@suse.com, stefano.stabellini@eu.citrix.com, andrew.cooper3@citrix.com, ian.jackson@eu.citrix.com, xen-devel@lists.xen.org, roger.pau@citrix.com List-Id: xen-devel@lists.xenproject.org On Thu, 2016-01-07 at 11:19 +0000, Wei Liu wrote: > On Wed, Jan 06, 2016 at 03:03:21PM -0500, Boris Ostrovsky wrote: > > When copying boot command string for HVMlite guests we explicitly write > > '\0' at MAX_GUEST_CMDLINE offset. Unless the string is close to > > MAX_GUEST_CMDLINE in length this write will end up in the wrong place, > > beyond the end of the mapped range. > > > > We don't need to limit the size of command string to some arbitrary > > number. Any size that can be successfully allocated and mapped is valid > > and so the string is guaranteed to be NULL-terminated (since we use > > strlen, which needs terminating '\0', to calculate allocation size). > > > > Signed-off-by: Boris Ostrovsky > > Acked-by: Wei Liu Applied. Roger commented on #2 so I didn't take that, but this seemed to standalone.