Re: [Xen-devel] [PATCH v4 07/33] xen: guestcopy: Provide an helper to safely copy string from guest
On 31/03/15 14:30, Julien Grall wrote:
>
>> Furthermore, two size parameters serve no useful purpose. The caller
>> must always be in a position to decide a plausible upper bound.
> I don't understand the problem to have two size parameters...
>
> The first one is the size given by the guest while the second one is the
> upper bound.
>
> The maximum size may change from every caller. Hence the second size
> parameter.

The caller shouldn't even be calling safe_copy_string_from_guest() with
a guest-controlled-implausibly-large size.

The caller should be doing something like:

if ( usersize > PLAUSIBLE_UPPER_BOUND )
    ... fail
else
    data = safe_copy_string_from_guest(hnd, usersize).

Mixing plausibility checks and string copying in a single function is an
antipattern, and IMO should not be moved into a common helper function
like this.

~Andrew
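The split argued for in the reply above, as an added example in C (not code from the thread or from Xen): the helper takes one size and only copies and NUL-terminates, while the caller applies its own bound before any allocation. `struct guest_buf`, `model_copy_from_guest`, `copy_string_from_guest_model`, `set_name_model` and `NAME_MAX_LEN` are hypothetical names, and guest memory is modelled with a plain buffer.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for guest memory; a real hypervisor would use its
 * guest-access primitives instead of memcpy(). */
struct guest_buf { const char *base; size_t len; };

static int model_copy_from_guest(void *dst, const struct guest_buf *g, size_t n)
{
    if (n > g->len)
        return -EFAULT;              /* models a faulting guest access */
    memcpy(dst, g->base, n);
    return 0;
}

/* Helper with a single size parameter: copy and NUL-terminate, no policy.
 * Returns NULL and sets *err on failure. */
char *copy_string_from_guest_model(const struct guest_buf *g, size_t size, int *err)
{
    char *s;

    if (size == SIZE_MAX) { *err = -ENOBUFS; return NULL; } /* size + 1 wraps */
    s = malloc(size + 1);
    if (!s) { *err = -ENOMEM; return NULL; }
    *err = model_copy_from_guest(s, g, size);
    if (*err) { free(s); return NULL; }
    s[size] = '\0';                  /* guest data need not be terminated */
    return s;
}

/* Each caller owns its own bound and rejects before any allocation. */
#define NAME_MAX_LEN 32              /* hypothetical per-caller limit */

int set_name_model(const struct guest_buf *g, size_t usersize, char **out)
{
    int err;

    if (usersize > NAME_MAX_LEN)
        return -ENOBUFS;             /* plausibility check lives here */
    *out = copy_string_from_guest_model(g, usersize, &err);
    return *out ? 0 : err;
}
```

A second caller with a different limit would repeat only the two-line check in `set_name_model`, which is the per-caller variation the quoted text raises.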