[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Xen-users] Xen 4.2 TODO (io and irq parameter are not evaluated by xl)



Ian Campbell writes ("Re: [Xen-users] Xen 4.2 TODO (io and irq parameter are 
not evaluated by xl)"):
> libxl/xl: implement support for guest iooprt and irq permissions.

Most of this looks good, but:

...                                       ("bios",             libxl_bios_type),
> +            buf = xlu_cfg_get_listitem (ioports, i);
> +            if (!buf) {
> +                fprintf(stderr,
> +                        "xl: Unable to get element #%d in ioport list\n", i);
> +                exit(1);
> +            }
> +            s = e = strtoul(buf, &ep, 16);
> +            if (ep == buf) {
> +                fprintf(stderr, "xl: Invalid argument parsing ioport: %s\n",
> +                        buf);
> +                exit(1);
> +            }
> +            if (*ep == '-') {

This code fails to properly handle (reject)
   - (*ep!=0 && *ep!='-')
   - value > LONG_MAX
   - INT_MAX < value <= LONG_MAX
   - *ep2!=0

> +            irq = strtoul(buf, &ep, 10);

Likewise.

I take it we're not worrying about missing malloc failure checks in
xl.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.