|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] libxc: Don't write terminating NULL character to command string
commit 8345512febd09e39c55bdf76ee0fb41b32562f45
Author: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
AuthorDate: Wed Jan 6 15:03:21 2016 -0500
Commit: Ian Campbell <ian.campbell@xxxxxxxxxx>
CommitDate: Thu Jan 7 12:51:06 2016 +0000
libxc: Don't write terminating NULL character to command string
When copying boot command string for HVMlite guests we explicitly write
'\0' at MAX_GUEST_CMDLINE offset. Unless the string is close to
MAX_GUEST_CMDLINE in length this write will end up in the wrong place,
beyond the end of the mapped range.
We don't need to limit the size of command string to some arbitrary
number. Any size that can be successfully allocated and mapped is valid
and so the string is guaranteed to be NULL-terminated (since we use
strlen, which needs terminating '\0', to calculate allocation size).
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
tools/libxc/xc_dom_x86.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c
index 3960875..b8d2904 100644
--- a/tools/libxc/xc_dom_x86.c
+++ b/tools/libxc/xc_dom_x86.c
@@ -676,8 +676,7 @@ static int alloc_magic_pages_hvm(struct xc_dom_image *dom)
if ( dom->cmdline )
{
- strncpy(cmdline, dom->cmdline, MAX_GUEST_CMDLINE);
- cmdline[MAX_GUEST_CMDLINE - 1] = '\0';
+ strncpy(cmdline, dom->cmdline, cmdline_size);
start_info->cmdline_paddr = (seg.pfn << PAGE_SHIFT) +
((uintptr_t)cmdline - (uintptr_t)start_info);
}
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |