[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2] libxl/libxl_qmp.c: fix qmp_open

To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: PRAMOD DEVENDRA <pramod.devendra@xxxxxxxxxx>
Date: Thu, 19 Mar 2015 06:40:30 +0000
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Pramod Devendra <pramod.devendra@xxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Delivery-date: Thu, 19 Mar 2015 06:44:23 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Resent-date: Thu, 19 Mar 2015 07:44:03 +0100
Resent-from: Olaf Hering <olaf@xxxxxxxxx>
Resent-message-id: <20150319064403.GA17462@xxxxxxxxx>
Resent-to: xen-devel@xxxxxxxxxxxxx

From: Pramod Devendra <pramod.devendra@xxxxxxxxxx>

Signed-off-by: Pramod Devendra <pramod.devendra@xxxxxxxxxx>
CC: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
CC: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
CC: Ian Campbell <ian.campbell@xxxxxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
---
Changed since v1:
1. Make sure sun_path does not overflow.
2. Close qmp_fd on error.
---
 tools/libxl/libxl_qmp.c |   26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/tools/libxl/libxl_qmp.c b/tools/libxl/libxl_qmp.c
index c7324e6..316a93f 100644
--- a/tools/libxl/libxl_qmp.c
+++ b/tools/libxl/libxl_qmp.c
@@ -357,22 +357,32 @@ static libxl__qmp_handler *qmp_init_handler(libxl__gc 
*gc, uint32_t domid)
 static int qmp_open(libxl__qmp_handler *qmp, const char *qmp_socket_path,
                     int timeout)
 {
-    int ret;
+    int ret = -1;
     int i = 0;
 
     qmp->qmp_fd = socket(AF_UNIX, SOCK_STREAM, 0);
     if (qmp->qmp_fd < 0) {
-        return -1;
+        goto out;
     }
     ret = libxl_fd_set_nonblock(qmp->ctx, qmp->qmp_fd, 1);
-    if (ret) return -1;
+    if (ret) {
+        ret = -1;
+        goto out;
+    }
     ret = libxl_fd_set_cloexec(qmp->ctx, qmp->qmp_fd, 1);
-    if (ret) return -1;
+    if (ret) {
+        ret = -1;
+        goto out;
+    }
 
+    if (sizeof (qmp->addr.sun_path) <= strlen(qmp_socket_path)) {
+        ret = -1;
+        goto out;
+    }
     memset(&qmp->addr, 0, sizeof (qmp->addr));
     qmp->addr.sun_family = AF_UNIX;
     strncpy(qmp->addr.sun_path, qmp_socket_path,
-            sizeof (qmp->addr.sun_path));
+            sizeof (qmp->addr.sun_path)-1);
 
     do {
         ret = connect(qmp->qmp_fd, (struct sockaddr *) &qmp->addr,
@@ -384,9 +394,13 @@ static int qmp_open(libxl__qmp_handler *qmp, const char 
*qmp_socket_path,
              * ECONNREFUSED : Leftover socket hasn't been removed yet */
             continue;
         }
-        return -1;
+        ret = -1;
+        goto out;
     } while ((++i / 5 <= timeout) && (usleep(200 * 1000) <= 0));
 
+out:
+    if (ret == -1 && qmp->qmp_fd > -1) close(qmp->qmp_fd);
+
     return ret;
 }
 
-- 
1.7.10.4



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- [Xen-devel] [PATCH v3] libxl/libxl_qmp.c: fix error handling in qmp_open
  - From: PRAMOD DEVENDRA
- Re: [Xen-devel] [PATCH v2] libxl/libxl_qmp.c: fix qmp_open
  - From: Wei Liu

References:
- [Xen-devel] [PATCH 1/3] tools/libxl/libxl_qmp.c: Make sure sun_path is NULL terminated in qmp_open
  - From: PRAMOD DEVENDRA

Prev by Date: [Xen-devel] [PATCH v2] tools/libxl: close the logfile_w and null file descriptors in libxl__spawn_qdisk_backend() error path
Next by Date: Re: [Xen-devel] [RFC PATCH] dpci: Put the dpci back on the list if running on another CPU.
Previous by thread: Re: [Xen-devel] [PATCH 1/3] tools/libxl/libxl_qmp.c: Make sure sun_path is NULL terminated in qmp_open
Next by thread: Re: [Xen-devel] [PATCH v2] libxl/libxl_qmp.c: fix qmp_open
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.