[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 1/2] libxc: Don't write terminating NULL character to command string

To: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
From: Wei Liu <wei.liu2@xxxxxxxxxx>
Date: Thu, 7 Jan 2016 11:19:49 +0000
Cc: jgross@xxxxxxxx, wei.liu2@xxxxxxxxxx, ian.campbell@xxxxxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, roger.pau@xxxxxxxxxx
Delivery-date: Thu, 07 Jan 2016 11:20:35 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Wed, Jan 06, 2016 at 03:03:21PM -0500, Boris Ostrovsky wrote:
> When copying boot command string for HVMlite guests we explicitly write
> '\0' at MAX_GUEST_CMDLINE offset. Unless the string is close to
> MAX_GUEST_CMDLINE in length this write will end up in the wrong place,
> beyond the end of the mapped range.
> 
> We don't need to limit the size of command string to some arbitrary
> number. Any size that can be successfully allocated and mapped is valid
> and so the string is guaranteed to be NULL-terminated (since we use
> strlen, which needs terminating '\0', to calculate allocation size).
> 
> Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>

Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>

> ---
>  tools/libxc/xc_dom_x86.c |    3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c
> index 3960875..b8d2904 100644
> --- a/tools/libxc/xc_dom_x86.c
> +++ b/tools/libxc/xc_dom_x86.c
> @@ -676,8 +676,7 @@ static int alloc_magic_pages_hvm(struct xc_dom_image *dom)
>  
>          if ( dom->cmdline )
>          {
> -            strncpy(cmdline, dom->cmdline, MAX_GUEST_CMDLINE);
> -            cmdline[MAX_GUEST_CMDLINE - 1] = '\0';
> +            strncpy(cmdline, dom->cmdline, cmdline_size);
>              start_info->cmdline_paddr = (seg.pfn << PAGE_SHIFT) +
>                                  ((uintptr_t)cmdline - (uintptr_t)start_info);
>          }
> -- 
> 1.7.1
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v3 1/2] libxc: Don't write terminating NULL character to command string
  - From: Ian Campbell

References:
- [Xen-devel] [PATCH v3 0/2] HVMlite start_info initialization fixes
  - From: Boris Ostrovsky
- [Xen-devel] [PATCH v3 1/2] libxc: Don't write terminating NULL character to command string
  - From: Boris Ostrovsky

Prev by Date: Re: [Xen-devel] Infiniband support
Next by Date: Re: [Xen-devel] [PATCH v2 03/13] libxl: provide a function to retrieve the xenstore domain id
Previous by thread: [Xen-devel] [PATCH v3 1/2] libxc: Don't write terminating NULL character to command string
Next by thread: Re: [Xen-devel] [PATCH v3 1/2] libxc: Don't write terminating NULL character to command string
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.