From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ian Campbell Subject: [PATCH 2/2] xl: NULL terminate buf when reading dom0 /proc/uptime Date: Wed, 17 Feb 2016 10:34:24 +0000 Message-ID: <1455705264-17744-2-git-send-email-ian.campbell@citrix.com> References: <1455705264-17744-1-git-send-email-ian.campbell@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1455705264-17744-1-git-send-email-ian.campbell@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: ian.jackson@eu.citrix.com, wei.liu2@citrix.com, xen-devel@lists.xen.org Cc: Ian Campbell List-Id: xen-devel@lists.xenproject.org The contents of /proc/uptime is typically something like "80164.57 640617.58", so the existing 512 byte buffer is more than large enoguh, so reduce its effective size to 511 bytes and ensure we include a NULL. Otherwise Coverity points out that we pass a potentially unterminated string to strtok. In practice this likely doesn't actually cause issues (at least on Linux) because the string should always contain a space so we will stop parsing. CID: 105590 Signed-off-by: Ian Campbell --- tools/libxl/xl_cmdimpl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c index 89fa42c..31cea0f 100644 --- a/tools/libxl/xl_cmdimpl.c +++ b/tools/libxl/xl_cmdimpl.c @@ -6959,6 +6959,7 @@ static char *current_time_to_string(time_t now) static void print_dom0_uptime(int short_mode, time_t now) { int fd; + ssize_t nr; char buf[512]; uint32_t uptime = 0; char *uptime_str = NULL; @@ -6969,12 +6970,15 @@ static void print_dom0_uptime(int short_mode, time_t now) if (fd == -1) goto err; - if (read(fd, buf, sizeof(buf)) == -1) { + nr = read(fd, buf, sizeof(buf) - 1); + if (nr == -1) { close(fd); goto err; } close(fd); + buf[nr] = '\0'; + strtok(buf, " "); uptime = strtoul(buf, NULL, 10); -- 2.1.4