From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Matthew Daley <mattd@bugfuzz.com>, xen-devel@lists.xen.org
Cc: Ian Jackson <ian.jackson@eu.citrix.com>,
	Ian Campbell <ian.campbell@citrix.com>,
	Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: Re: [PATCH 1/2] xenstore: sanity check incoming message body lengths
Date: Sun, 1 Dec 2013 11:44:10 +0000
Message-ID: <529B210A.9080005@citrix.com>
In-Reply-To: <1385770805-1929-2-git-send-email-mattd@bugfuzz.com>

On 30/11/2013 00:20, Matthew Daley wrote:
> This is for the client-side receiving messages from xenstored, so there
> is no security impact, unlike XSA-72.
>
> Coverity-ID: 1055449
> Coverity-ID: 1056028
> Signed-off-by: Matthew Daley <mattd@bugfuzz.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

> ---
>  tools/xenstore/xs.c |    6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
> index 261b841..184886f 100644
> --- a/tools/xenstore/xs.c
> +++ b/tools/xenstore/xs.c
> @@ -1145,6 +1145,12 @@ static int read_message(struct xs_handle *h, int nonblocking)
>  		goto error_freemsg;
>  	}
>  
> +	/* Sanity check message body length. */
> +	if (msg->hdr.len > XENSTORE_PAYLOAD_MAX) {
> +		saved_errno = E2BIG;
> +		goto error_freemsg;
> +	}
> +
>  	/* Allocate and read the message body. */
>  	body = msg->body = malloc(msg->hdr.len + 1);
>  	if (body == NULL)
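
Review bot: the new `goto error_freemsg` is taken after the header has been read but before "Allocate and read the message body", so on the E2BIG path the oversized body is left unread on the connection. Unless callers drop the handle on this error, the next read_message() call would parse those leftover body bytes as a header. Please say in the comment or the commit message that the connection is not usable after E2BIG, or drain or close it here. Two smaller points: the comment could state that the bound also keeps `msg->hdr.len + 1` in the malloc() below from being driven by an unchecked peer-supplied length, and it is worth confirming that `>` (so a body of exactly XENSTORE_PAYLOAD_MAX is accepted) matches the limit applied on the xenstored side.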
