[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated

At 12:47 +0100 on 10 May (1336654044), George Dunlap wrote:
> On 10/05/12 12:44, Tim Deegan wrote:
> >If the user controlled both the length and contents of
> >info->u.pv.bootloader, it could cause this to overrun that buffer and
> >cause a SEGV.  So, sadly, strcmp goes on the 'just never use it' list
> >for many people.
> Hmm, yes, I suppose it's *technically* possible that even when comparing 
> to a static string, if info->u.pv.bootloader contains a short, 
> non-null-terminated string, and were close to the edge of a page, it 
> could cause a SEGV.  But using strncmp wouldn't solve that, would it?

Yes - you give it the length of the info->u.pv.bootloader buffer and it
guards against from exactly this problem.  That's assuming you allocated
it yourself and filled it with user-supplied bytes.  If the user
supplied the buffer, of course, you're forced to trust them and
strncmp() doesn't buy you anything.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.