[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Use new Xen public header for product numbers and names

On Mon, 2012-10-01 at 17:08 +0100, Paul Durrant wrote:
> > -----Original Message-----
> > From: Ian Jackson [mailto:Ian.Jackson@xxxxxxxxxxxxx]
> > Sent: 01 October 2012 16:14
> > To: Paul Durrant
> > Cc: xen-devel@xxxxxxxxxxxxx
> > Subject: Re: [Xen-devel] [PATCH] Use new Xen public header for product
> > numbers and names
> > 
> > Paul Durrant writes ("[Xen-devel] [PATCH] Use new Xen public header for
> > product numbers and names"):
> > > xen/include/public/hvm/pvdrivers.h has been added as the register of
> > > product numbers used by the blacklisting protocol.
> > > Use the definitions therein rather then locally coded values.
> > ...
> > > +#define PRODUCT(_name, _nr) case _nr: product = _name; break;
> > >      switch (product_nr) {
> > > -    /*
> > > -     * In qemu-xen-unstable, this is the master registry of product
> > > -     * numbers.  If you need a new product number allocating, please
> > > -     * post to xen-devel@xxxxxxxxxxxxxxxxxxxx  You should NOT use
> > > -     * an existing product number without allocating one.
> > > -     *
> > > -     * If you maintain a seaparate versioning and distribution path
> > > -     * for PV drivers you should have a separate product number so
> > > -     * that your drivers can be separated from others'.
> > > -     *
> > > -     * During development, you may use the product ID 0xffff to
> > > -     * indicate a driver which is yet to be released.
> > > -     */
> > > -    case 1: product = "xensource-windows";  break; /* Citrix */
> > > -    case 2: product = "gplpv-windows";      break; /* James Harper */
> > > -    case 0xffff: product = "experimental";  break;
> > > +    PVDRIVERS_PRODUCT_LIST(PRODUCT)
> > 
> > As a case in point, this generates:
> >        case 0: product = NULL; break;
> > and then passes the NULL to asprintf.
> > 
> 
> Nothing should be using product number 0, so is this a problem?

In some circumstances (I think) the product number may come from the
guest, which may be malicious.

Ian.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.