Re: [PATCH] tools/xenstored: Fix off-by-one in dump_state_nodes()

[Juergen Gross <jgross@xxxxxxxx>]

On 29.07.21 11:34, Julien Grall wrote:
> From: Julien Grall <jgrall@xxxxxxxxxx>
>
> The maximum path length supported by Xenstored protocol is
> XENSTORE_ABS_PATH_MAX (i.e 3072). This doesn't take into account the
> NUL at the end of the path.
>
> However, the code to dump the nodes will allocate a buffer
> of XENSTORE_ABS_PATH. As a result it may not be possible to live-update
> if there is a node name of XENSTORE_ABS_PATH.
>
> Fix it by allocating a buffer of XENSTORE_ABS_PATH_MAX + 1 characters.
>
> Take the opportunity to pass the max length of the buffer as a
> parameter of dump_state_node_tree(). This will be clearer that the
> check in the function is linked to the allocation in dump_state_nodes().
>
> Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
Reviewed-by: Juergen Gross <jgross@xxxxxxxx>

> ---
>
> This was spotted when backporting Live-Update to 4.11 because the
> commit 924bf8c793 "tools/xenstore: rework path length check" is
> not present. On the latest upstream, this is looks more a latent bug
> because I didn't manage to create such large node.
Yes, the path length is limited to "/local/domain/<id>/" + the max
relative path length.


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature