[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v6 02/13] cxenstored: add support for systemd active sockets



On Thu, 2014-06-12 at 18:18 -0700, Luis R. Rodriguez wrote:
> +int xs_validate_active_socket(const char *connect_to)
> +{
> +     char sock[30];
> +
> +     /* We have to null terminate the socket path */
> +     memset(sock, '\0', sizeof(sock));
> +     memcpy(sock, connect_to, strlen(connect_to));

This risks overrunning sock if connect_to is longer than 30 characters.

But your use of strlen suggests that connect_to is already NULL
terminated, so what is this for?

> +     if ((strncmp("/var/run/xenstored/socket_ro", sock, 28) != 0) &&
> +         (strncmp("/var/run/xenstored/socket", sock, 25) != 0)) {

Given that sock (or connect_to) is NULL terminated, why strncmp and not
the straightforward strcmp?

As it is I think your code would accept
e.g. /var/run/xenstored/socketwibble, no?

Is it common in systemd support to validate the input socket's path in
this way? As opposed to trusting that the systemd unit file is correct.

> +static void xen_claim_active_sockets(int **psock, int **pro_sock)
> +{
> +     int *sock, *ro_sock;
> +     const char *soc_str = xs_daemon_socket();
> +     const char *soc_str_ro = xs_daemon_socket_ro();
> +     int n;
> +
> +     n = sd_listen_fds(0);
> +     if (n <= 0) {
> +             sd_notifyf(0, "STATUS=Failed to get any active sockets: %s\n"
> +                        "ERRNO=%i",
> +                        strerror(errno),
> +                        errno);
> +             barf_perror("sd_listen_fds() failed\n");
> +     } else if (n > 2) {
> +             fprintf(stderr, SD_ERR "Expected 2 fds but given %d\n", n);
> +             sd_notifyf(0, "STATUS=Mismatch on number (2): %s\n"
> +                        "ERRNO=%d",
> +                        strerror(EBADR),
> +                        EBADR);
> +             barf_perror("sd_listen_fds() gave too many fds\n");

Need this be fatal?

Ian.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.