[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 1/2] libxc: Don't write terminating NULL character to command string

To: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, ian.jackson@xxxxxxxxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, ian.campbell@xxxxxxxxxx, wei.liu2@xxxxxxxxxx
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Tue, 5 Jan 2016 23:01:50 +0000
Cc: jgross@xxxxxxxx, xen-devel@xxxxxxxxxxxxx, roger.pau@xxxxxxxxxx
Delivery-date: Tue, 05 Jan 2016 23:01:49 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 05/01/2016 22:59, Boris Ostrovsky wrote:
> On 01/05/2016 05:42 PM, Andrew Cooper wrote:
>> On 05/01/2016 22:26, Boris Ostrovsky wrote:
>>> When copying boot command string for HVMlite guests we explicitly write
>>> '\0' at MAX_GUEST_CMDLINE offset. Unless the string is close to
>>> MAX_GUEST_CMDLINE in length this write will end up in the wrong place,
>>> beyond the end of the mapped range.
>>>
>>> Instead we should test string's length early and error out if it is too
>>> long.
>>>
>>> Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
>> MAX_GUEST_CMDLINE is an arbitrary and incorrect restriction.  It is
>> sadly baked into the PV ABI, but I specifically want to avoid lumbering
>> DMLite with the failings of PV.
>>
>> By the looks of it, the only bug is the use of MAX_GUEST_CMDLINE.  The
>> xc_map_foreign_range() call already accounts for sufficient space to
>> store the string when mapping guest memory.
>
> Yes, I was also thinking about dropping it but ended up keeping it
> mostly because it didn't feel right to blindly use strcpy().

Possibly add a comment explaining that the length has already been
checked, and that sufficient space has been allocated, if that helps? 
One way or another, the use of strcpy() here is correct.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2 1/2] libxc: Don't write terminating NULL character to command string
  - From: Ian Campbell

References:
- [Xen-devel] [PATCH v2 0/2] HVMlite start_info initialization fixes
  - From: Boris Ostrovsky
- [Xen-devel] [PATCH v2 1/2] libxc: Don't write terminating NULL character to command string
  - From: Boris Ostrovsky
- Re: [Xen-devel] [PATCH v2 1/2] libxc: Don't write terminating NULL character to command string
  - From: Andrew Cooper
- Re: [Xen-devel] [PATCH v2 1/2] libxc: Don't write terminating NULL character to command string
  - From: Boris Ostrovsky

Prev by Date: Re: [Xen-devel] [PATCH v2 1/2] libxc: Don't write terminating NULL character to command string
Next by Date: Re: [Xen-devel] [PATCH v2 12/32] x86/um: reuse asm-generic/barrier.h
Previous by thread: Re: [Xen-devel] [PATCH v2 1/2] libxc: Don't write terminating NULL character to command string
Next by thread: Re: [Xen-devel] [PATCH v2 1/2] libxc: Don't write terminating NULL character to command string
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.