[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
From: Tim Deegan <tim@xxxxxxx>
Date: Thu, 10 May 2012 14:20:39 +0100
Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Delivery-date: Thu, 10 May 2012 13:21:01 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

At 14:15 +0100 on 10 May (1336659339), Ian Jackson wrote:
> Tim Deegan writes ("Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that 
> /usr/bin/pygrub is deprecated"):
> > At 12:36 +0100 on 10 May (1336653395), Ian Jackson wrote:
> > > Boggle.  Any such build processes need to be taken out and shot.
> > > There is nothing wrong with strcmp.  Are you sure you're not thinking
> > > of strcat or sprintf ?
> > 
> > If the user controlled both the length and contents of
> > info->u.pv.bootloader, it could cause this to overrun that buffer and
> > cause a SEGV.  So, sadly, strcmp goes on the 'just never use it' list
> > for many people.
> 
> info->u.pv.bootloader is a string.  The in-process caller of libxl
> is required to provide a nul-terminated buffer.  In general, strcmp is
> correct for user-provided strings when the string is a string.

Sure, in this case, strcmp is fine; I was talking about the reasons why
people are scared of it.

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 0 of 3 RESEND] tools: Move bootloaders to libexec directory
  - From: George Dunlap
- [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: George Dunlap
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: George Dunlap
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: Ian Jackson
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: Tim Deegan
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [xen-unstable test] 12828: regressions - FAIL
Next by Date: Re: [Xen-devel] [xen-unstable test] 12828: regressions - FAIL
Previous by thread: Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
Next by thread: [Xen-devel] [PATCH 1 of 3 RESEND] libxl: Look for bootloader in libexec path
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.