[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] tools/xenstored: Fix off-by-one in dump_state_nodes()
commit c85610a3224a89159284f082c8c3dfb842c070fb Author: Julien Grall <jgrall@xxxxxxxxxx> AuthorDate: Thu Jul 29 10:34:20 2021 +0100 Commit: Ian Jackson <iwj@xxxxxxxxxxxxxx> CommitDate: Fri Jul 30 11:02:35 2021 +0100 tools/xenstored: Fix off-by-one in dump_state_nodes() The maximum path length supported by Xenstored protocol is XENSTORE_ABS_PATH_MAX (i.e 3072). This doesn't take into account the NUL at the end of the path. However, the code to dump the nodes will allocate a buffer of XENSTORE_ABS_PATH. As a result it may not be possible to live-update if there is a node name of XENSTORE_ABS_PATH. Fix it by allocating a buffer of XENSTORE_ABS_PATH_MAX + 1 characters. Take the opportunity to pass the max length of the buffer as a parameter of dump_state_node_tree(). This will be clearer that the check in the function is linked to the allocation in dump_state_nodes(). Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx> Reviewed-by: Juergen Gross <jgross@xxxxxxxx> --- tools/xenstore/xenstored_core.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 16c856730c..0d4c73d6e2 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -2574,7 +2574,8 @@ const char *dump_state_node_perms(FILE *fp, const struct xs_permissions *perms, return NULL; } -static const char *dump_state_node_tree(FILE *fp, char *path) +static const char *dump_state_node_tree(FILE *fp, char *path, + unsigned int path_max_len) { unsigned int pathlen, childlen, p = 0; struct xs_state_record_header head; @@ -2642,10 +2643,10 @@ static const char *dump_state_node_tree(FILE *fp, char *path) } while (p < hdr->childlen) { childlen = strlen(child) + 1; - if (pathlen + childlen > XENSTORE_ABS_PATH_MAX) + if (pathlen + childlen > path_max_len) return "Dump node path length error"; strcpy(path + pathlen, child); - ret = dump_state_node_tree(fp, path); + ret = dump_state_node_tree(fp, path, path_max_len); if (ret) return ret; p += childlen; @@ -2661,13 +2662,13 @@ const char *dump_state_nodes(FILE *fp, const void *ctx) { char *path; - path = talloc_size(ctx, XENSTORE_ABS_PATH_MAX); + path = talloc_size(ctx, XENSTORE_ABS_PATH_MAX + 1); if (!path) return "Path buffer allocation error"; strcpy(path, "/"); - return dump_state_node_tree(fp, path); + return dump_state_node_tree(fp, path, XENSTORE_ABS_PATH_MAX + 1); } void read_state_global(const void *ctx, const void *state) -- generated by git-patchbot for /home/xen/git/xen.git#staging
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |