[PATCH] tools/xenstore: avoid unterminated string in xs_directory

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] tools/xenstore: avoid unterminated string in xs_directory_part()
@ 2016-12-06  6:41 Juergen Gross
  2016-12-06  9:44 ` Wei Liu
  0 siblings, 1 reply; 2+ messages in thread
From: Juergen Gross @ 2016-12-06  6:41 UTC (permalink / raw)
  To: xen-devel; +Cc: Juergen Gross, wei.liu2, ian.jackson

Commit d4016288ab1f ("xenstore: support XS_DIRECTORY_PART in
libxenstore") introduced a theoretical bug: the generation count of
the read node is transferred via strncpy without forcing a NUL byte
at the end. Correct this.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 tools/xenstore/xs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
index e462a20..3ce7157 100644
--- a/tools/xenstore/xs.c
+++ b/tools/xenstore/xs.c
@@ -589,7 +589,7 @@ static char **xs_directory_part(struct xs_handle *h, xs_transaction_t t,
 	struct iovec iovec[2];
 	char *result = NULL, *strings = NULL;
 
-	gen[0] = 0;
+	memset(gen, 0, sizeof(gen));
 	iovec[0].iov_base = (void *)path;
 	iovec[0].iov_len = strlen(path) + 1;
 
@@ -616,7 +616,7 @@ static char **xs_directory_part(struct xs_handle *h, xs_transaction_t t,
 				continue;
 			}
 		} else
-			strncpy(gen, result, sizeof(gen));
+			strncpy(gen, result, sizeof(gen) - 1);
 
 		result_len -= strlen(result) + 1;
 		strings = realloc(strings, off + result_len);
-- 
2.10.2


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] tools/xenstore: avoid unterminated string in xs_directory_part()
  2016-12-06  6:41 [PATCH] tools/xenstore: avoid unterminated string in xs_directory_part() Juergen Gross
@ 2016-12-06  9:44 ` Wei Liu
  0 siblings, 0 replies; 2+ messages in thread
From: Wei Liu @ 2016-12-06  9:44 UTC (permalink / raw)
  To: Juergen Gross; +Cc: xen-devel, ian.jackson, wei.liu2

On Tue, Dec 06, 2016 at 07:41:54AM +0100, Juergen Gross wrote:
> Commit d4016288ab1f ("xenstore: support XS_DIRECTORY_PART in
> libxenstore") introduced a theoretical bug: the generation count of
> the read node is transferred via strncpy without forcing a NUL byte
> at the end. Correct this.
> 
> Signed-off-by: Juergen Gross <jgross@suse.com>

Acked-by: Wei Liu <wei.liu2@citrix.com>

> ---
>  tools/xenstore/xs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
> index e462a20..3ce7157 100644
> --- a/tools/xenstore/xs.c
> +++ b/tools/xenstore/xs.c
> @@ -589,7 +589,7 @@ static char **xs_directory_part(struct xs_handle *h, xs_transaction_t t,
>  	struct iovec iovec[2];
>  	char *result = NULL, *strings = NULL;
>  
> -	gen[0] = 0;
> +	memset(gen, 0, sizeof(gen));
>  	iovec[0].iov_base = (void *)path;
>  	iovec[0].iov_len = strlen(path) + 1;
>  
> @@ -616,7 +616,7 @@ static char **xs_directory_part(struct xs_handle *h, xs_transaction_t t,
>  				continue;
>  			}
>  		} else
> -			strncpy(gen, result, sizeof(gen));
> +			strncpy(gen, result, sizeof(gen) - 1);
>  
>  		result_len -= strlen(result) + 1;
>  		strings = realloc(strings, off + result_len);
> -- 
> 2.10.2
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-12-06  9:44 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-06  6:41 [PATCH] tools/xenstore: avoid unterminated string in xs_directory_part() Juergen Gross
2016-12-06  9:44 ` Wei Liu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).