[xen staging] xen/hypfs: check the return value of snprintf to avoid leaking stack accidently

[patchbot@xxxxxxx]

commit 33bd9c91865b420adec02380c465e81031b0150a
Author:     Xenia Ragiadakou <burzalodowa@xxxxxxxxx>
AuthorDate: Fri Aug 5 08:38:23 2022 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Aug 5 08:38:23 2022 +0200

    xen/hypfs: check the return value of snprintf to avoid leaking stack 
accidently
    
    The function snprintf() returns the number of characters that would have 
been
    written in the buffer if the buffer size had been sufficiently large,
    not counting the terminating null character.
    Hence, the value returned is not guaranteed to be smaller than the buffer 
size.
    Check the return value of snprintf() to prevent leaking stack contents to 
the
    guest by accident.
    
    Also, for debug builds, add an assertion to ensure that the assumption made 
on
    the size of the destination buffer still holds.
    
    Signed-off-by: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
---
 xen/common/hypfs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c
index acd258edf2..cdf4ee0171 100644
--- a/xen/common/hypfs.c
+++ b/xen/common/hypfs.c
@@ -377,6 +377,11 @@ int hypfs_read_dyndir_id_entry(const struct 
hypfs_entry_dir *template,
     unsigned int e_namelen, e_len;
 
     e_namelen = snprintf(name, sizeof(name), template->e.name, id);
+    if ( e_namelen >= sizeof(name) )
+    {
+        ASSERT_UNREACHABLE();
+        return -ENOBUFS;
+    }
     e_len = DIRENTRY_SIZE(e_namelen);
     direntry.e.pad = 0;
     direntry.e.type = template->e.type;
--
generated by git-patchbot for /home/xen/git/xen.git#staging