From: Tim Deegan
Subject: Re: [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
Date: Thu, 10 May 2012 13:10:07 +0100
Message-ID: <20120510121007.GD73773@ocelot.phlegethon.org>
References: <794778a6e9fa761bd388.1336560666@kodo2> <1336570982.25514.120.camel@zakaz.uk.xensource.com> <4FAA83A8.8070804@eu.citrix.com> <20395.43075.534483.485017@mariner.uk.xensource.com> <20120510114414.GC73773@ocelot.phlegethon.org> <4FABAACC.9000301@eu.citrix.com>
In-Reply-To: <4FABAACC.9000301@eu.citrix.com>
To: George Dunlap
Cc: "xen-devel@lists.xensource.com", Ian Jackson, Ian Campbell
List-Id: xen-devel@lists.xenproject.org

At 12:47 +0100 on 10 May (1336654044), George Dunlap wrote:
> On 10/05/12 12:44, Tim Deegan wrote:
> > If the user controlled both the length and contents of
> > info->u.pv.bootloader, it could cause this to overrun that buffer and
> > cause a SEGV. So, sadly, strcmp goes on the 'just never use it' list
> > for many people.
>
> Hmm, yes, I suppose it's *technically* possible that even when comparing
> to a static string, if info->u.pv.bootloader contains a short,
> non-null-terminated string, and were close to the edge of a page, it
> could cause a SEGV. But using strncmp wouldn't solve that, would it?

Yes - you give it the length of the info->u.pv.bootloader buffer and it
guards against exactly this problem.

That's assuming you allocated it yourself and filled it with user-supplied
bytes. If the user supplied the buffer, of course, you're forced to trust
them and strncmp() doesn't buy you anything.

Tim.
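The point of the exchange above, shown as an added example that is not libxl code and not part of the thread: a fixed-size buffer that may lack its NUL terminator is compared against a static string with strncmp() bounded by the buffer length, so the read can never run past the buffer. The helper also closes a gap strncmp() alone leaves: when the buffer is shorter than the target and holds a prefix of it, strncmp() bounded by the buffer length reports equality, so the buffer length is checked first. The second function places an unterminated 4-byte buffer at the end of a page backed by an unmapped guard page, the situation George describes, and shows the bounded comparison completing without a fault. Function names, the buffer layout and the guard-page setup are this example's own assumptions.

```c
#define _DEFAULT_SOURCE
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Compare a buffer of buflen bytes that may NOT be NUL-terminated against
 * the C string s, touching at most buflen bytes of buf.
 * strncmp() bounded by buflen is what stops the read at the buffer's end.
 * The length check in front of it matters: if buflen < strlen(s) and buf
 * holds a prefix of s, strncmp(buf, s, buflen) would return 0, a false
 * match, so that case is rejected up front. */
static bool buf_equals_cstr(const char *buf, size_t buflen, const char *s)
{
    size_t slen = strlen(s);

    if (buflen < slen)          /* buffer cannot hold all of s */
        return false;
    /* Either the buffer holds exactly s with no terminator (buflen == slen)
     * or s followed by a NUL; anything else differs within buflen bytes. */
    return strncmp(buf, s, buflen) == 0;
}

/* Demonstrate the page-edge case: the buffer's last byte is the last byte
 * of a readable page and the following page is mapped PROT_NONE, so any
 * read one byte past the buffer would fault. The process surviving both
 * comparisons is the point. Returns true when both comparisons give the
 * expected answers. */
static bool compare_at_page_edge(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0)
        return false;

    unsigned char *p = mmap(NULL, 2 * (size_t)pagesz, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return false;
    if (mprotect(p + pagesz, (size_t)pagesz, PROT_NONE) != 0) {
        munmap(p, 2 * (size_t)pagesz);
        return false;
    }

    /* Constructed input: 4 bytes, no NUL, ending exactly at the page edge. */
    char *buf = (char *)p + pagesz - 4;
    memcpy(buf, "/usr", 4);

    bool not_pygrub = !buf_equals_cstr(buf, 4, "/usr/bin/pygrub"); /* prefix: rejected */
    bool is_usr     =  buf_equals_cstr(buf, 4, "/usr");            /* exact, unterminated */

    munmap(p, 2 * (size_t)pagesz);
    return not_pygrub && is_usr;
}

int main(void)
{
    /* Constructed buffers; the second is deliberately not NUL-terminated. */
    const char terminated[] = "/usr/bin/pygrub";
    const char unterminated[15] = { '/', 'u', 's', 'r', '/', 'b', 'i', 'n',
                                    '/', 'p', 'y', 'g', 'r', 'u', 'b' };

    printf("terminated   match: %d\n", buf_equals_cstr(terminated, sizeof terminated, "/usr/bin/pygrub"));
    printf("unterminated match: %d\n", buf_equals_cstr(unterminated, sizeof unterminated, "/usr/bin/pygrub"));
    printf("page-edge demo ok : %d\n", compare_at_page_edge());
    return 0;
}
```

The bounded compare only helps, as the reply notes, when the caller knows the buffer's true length; if the length itself comes from the untrusted party, no string function can recover that trust.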