[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated

To: George Dunlap <george.dunlap@xxxxxxxxxxxxx>
From: Tim Deegan <tim@xxxxxxx>
Date: Thu, 10 May 2012 13:10:07 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Delivery-date: Thu, 10 May 2012 12:10:29 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

At 12:47 +0100 on 10 May (1336654044), George Dunlap wrote:
> On 10/05/12 12:44, Tim Deegan wrote:
> >If the user controlled both the length and contents of
> >info->u.pv.bootloader, it could cause this to overrun that buffer and
> >cause a SEGV.  So, sadly, strcmp goes on the 'just never use it' list
> >for many people.
> 
> Hmm, yes, I suppose it's *technically* possible that even when comparing 
> to a static string, if info->u.pv.bootloader contains a short, 
> non-null-terminated string, and were close to the edge of a page, it 
> could cause a SEGV.  But using strncmp wouldn't solve that, would it?

Yes - you give it the length of the info->u.pv.bootloader buffer and it
guards against from exactly this problem.  That's assuming you allocated
it yourself and filled it with user-supplied bytes.  If the user
supplied the buffer, of course, you're forced to trust them and
strncmp() doesn't buy you anything.

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 0 of 3 RESEND] tools: Move bootloaders to libexec directory
  - From: George Dunlap
- [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: George Dunlap
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: George Dunlap
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: Ian Jackson
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: Tim Deegan
- Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
  - From: George Dunlap

Prev by Date: Re: [Xen-devel] [PATCH] tools/xenconsoled: Add syslog
Next by Date: [Xen-devel] [PATCH 2/2] libxl: fix indentation in libxl_dm.c for qemu
Previous by thread: Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
Next by thread: Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.