
[Xen-changelog] [xen stable-4.2] libxl: fix vif rate parsing



commit 8f749b254def91001124367d687e9fc6a2793f6b
Author:     Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
AuthorDate: Thu Oct 10 15:48:55 2013 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Thu Oct 10 16:59:37 2013 +0100

    libxl: fix vif rate parsing
    
    strtok can return NULL here. We don't need to use strtok anyway, so just
    use a simple strchr method.
    
    Coverity-ID: 1055642
    
    This is CVE-2013-4369 / XSA-68
    
    Signed-off-by: Matthew Daley <mattjd@xxxxxxxxx>
    
    Fix type. Add test case
    
    Signed-off-by: Ian Campbell <Ian.campbell@xxxxxxxxxx>
    (cherry picked from commit c53702cee1d6f9f1b72f0cae0b412e21bcda8724)
    (cherry picked from commit 60aefd150bc0ad0c7d325da5ffea0bf4e0544130)
---
 tools/libxl/check-xl-vif-parse |    4 ++++
 tools/libxl/libxlu_vif.c       |   19 +++++++++++++------
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/tools/libxl/check-xl-vif-parse b/tools/libxl/check-xl-vif-parse
index 0473182..02c6dba 100755
--- a/tools/libxl/check-xl-vif-parse
+++ b/tools/libxl/check-xl-vif-parse
@@ -206,4 +206,8 @@ expected </dev/null
 one $e rate=4294967295GB/s@5us
 one $e rate=4296MB/s@4294s
 
+# test include of single '@'
+expected </dev/null
+one $e rate=@
+
 complete
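
Review bot: the new case exercises only the bare `rate=@` input, and its comment ("test include of single '@'") does not say what outcome is being checked. Since the parser now splits on the first '@' itself, it is worth adding the neighbouring shapes as separate cases: an empty rate followed by an interval, a valid rate followed by a trailing '@' with nothing after it, and a value containing more than one '@'. A comment along the lines of "rate consisting of a single '@' must be rejected, not crash" would make the intent clear to whoever next edits this file.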
diff --git a/tools/libxl/libxlu_vif.c b/tools/libxl/libxlu_vif.c
index 3b3de0f..0665e62 100644
--- a/tools/libxl/libxlu_vif.c
+++ b/tools/libxl/libxlu_vif.c
@@ -95,23 +95,30 @@ int xlu_vif_parse_rate(XLU_Config *cfg, const char *rate, 
libxl_device_nic *nic)
     uint64_t bytes_per_sec = 0;
     uint64_t bytes_per_interval = 0;
     uint32_t interval_usecs = 50000UL; /* Default to 50ms */
-    char *ratetok, *tmprate;
+    char *p, *tmprate;
     int rc = 0;
 
     tmprate = strdup(rate);
+    if (tmprate == NULL) {
+        rc = ENOMEM;
+        goto out;
+    }
+
+    p = strchr(tmprate, '@');
+    if (p != NULL)
+        *p++ = 0;
+
     if (!strcmp(tmprate,"")) {
         xlu__vif_err(cfg, "no rate specified", rate);
         rc = EINVAL;
         goto out;
     }
 
-    ratetok = strtok(tmprate, "@");
-    rc = vif_parse_rate_bytes_per_sec(cfg, ratetok, &bytes_per_sec);
+    rc = vif_parse_rate_bytes_per_sec(cfg, tmprate, &bytes_per_sec);
     if (rc) goto out;
 
-    ratetok = strtok(NULL, "@");
-    if (ratetok != NULL) {
-        rc = vif_parse_rate_interval_usecs(cfg, ratetok, &interval_usecs);
+    if (p != NULL) {
+        rc = vif_parse_rate_interval_usecs(cfg, p, &interval_usecs);
         if (rc) goto out;
     }
 
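Review bot: with `p = strchr(tmprate, '@'); if (p != NULL) *p++ = 0;`, a rate with a trailing '@' and no interval now reaches `vif_parse_rate_interval_usecs(cfg, p, &interval_usecs)` with p pointing at an empty string, whereas the removed `strtok(NULL, "@")` returned NULL in that situation and the 50ms default was kept. Please confirm that `vif_parse_rate_interval_usecs` handles an empty string safely and decide whether that input should be an error or fall back to the default; if the default is wanted, test `*p` as well as `p != NULL`. The same applies to a second '@': the interval parser now receives everything after the first '@', including any later '@'. The added `strdup` failure path jumps to `out` with tmprate NULL, which is fine only if the cleanup there is limited to `free(tmprate)` or similar; the label is outside this hunk, so it is worth a quick check.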
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.2
