[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 1/4] xen-livepatch: fix parameter name parsing

To: Roger Pau Monne <roger.pau@xxxxxxxxxx>
From: Anthony PERARD <anthony.perard@xxxxxxxxx>
Date: Wed, 24 Apr 2024 16:29:53 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
Delivery-date: Wed, 24 Apr 2024 15:30:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Apr 24, 2024 at 10:19:54AM +0200, Roger Pau Monne wrote:
> It's incorrect to restrict strncmp to the length of the command line input
> parameter, as then a user passing a rune like:
> 
> % xen-livepatch up foo.livepatch
> 
> Would match against the "upload" command, because the string comparison has
> been truncated to the length of the input argument.  Use strcmp instead which
> doesn't truncate.  Otherwise in order to keep using strncmp we would need to
> also check strings are of the same length before doing the comparison.
> 
> Fixes: 05bb8afedede ('xen-xsplice: Tool to manipulate xsplice payloads')
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Acked-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>

Thanks,

-- 
Anthony PERARD

References:
- [PATCH v4 0/4] livepatch: minor bug fixes and improvements
  - From: Roger Pau Monne
- [PATCH v4 1/4] xen-livepatch: fix parameter name parsing
  - From: Roger Pau Monne

Prev by Date: Re: [XEN PATCH 2/2] x86/msr: add suffix 'U' to MSR_AMD_CSTATE_CFG macro.
Next by Date: [PATCH] arm/vpci: make prefetchable mem 64 bit
Previous by thread: [PATCH v4 1/4] xen-livepatch: fix parameter name parsing
Next by thread: Re: [PATCH v4 1/4] xen-livepatch: fix parameter name parsing
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.