|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] tools/xenstore: avoid unterminated string in xs_directory_part()
Commit d4016288ab1f ("xenstore: support XS_DIRECTORY_PART in
libxenstore") introduced a theoretical bug: the generation count of
the read node is transferred via strncpy without forcing a NUL byte
at the end. Correct this.
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
---
tools/xenstore/xs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
index e462a20..3ce7157 100644
--- a/tools/xenstore/xs.c
+++ b/tools/xenstore/xs.c
@@ -589,7 +589,7 @@ static char **xs_directory_part(struct xs_handle *h,
xs_transaction_t t,
struct iovec iovec[2];
char *result = NULL, *strings = NULL;
- gen[0] = 0;
+ memset(gen, 0, sizeof(gen));
iovec[0].iov_base = (void *)path;
iovec[0].iov_len = strlen(path) + 1;
@@ -616,7 +616,7 @@ static char **xs_directory_part(struct xs_handle *h,
xs_transaction_t t,
continue;
}
} else
- strncpy(gen, result, sizeof(gen));
+ strncpy(gen, result, sizeof(gen) - 1);
result_len -= strlen(result) + 1;
strings = realloc(strings, off + result_len);
--
2.10.2
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |