[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that /usr/bin/pygrub is deprecated

Tim Deegan writes ("Re: [Xen-devel] [PATCH 3 of 3 RESEND] libxl: Warn that 
/usr/bin/pygrub is deprecated"):
> At 12:36 +0100 on 10 May (1336653395), Ian Jackson wrote:
> > Boggle.  Any such build processes need to be taken out and shot.
> > There is nothing wrong with strcmp.  Are you sure you're not thinking
> > of strcat or sprintf ?
> If the user controlled both the length and contents of
> info->u.pv.bootloader, it could cause this to overrun that buffer and
> cause a SEGV.  So, sadly, strcmp goes on the 'just never use it' list
> for many people.

info->u.pv.bootloader is a string.  The in-process caller of libxl
is required to provide a nul-terminated buffer.  In general, strcmp is
correct for user-provided strings when the string is a string.

I think perhaps people have been confused by the habit of some kernel
ABI designers to write something like:
   struct mumble {
       char mumblename[16];
and then to allow callers to supply 16-octet mumblenames (necessarily,
then, without a trailing nul), or shorter mumblenames (with trailing
nul).  In that case strncmp is indeed necessary.

But these kind of interfaces are a rarity in userland and certainly
libxl's API/ABI doesn't have anything like that.  In the case of
info->u.pv.bootloader the string is from malloc and the "buffer
length" isn't even recorded anywhere so there would be no correct
value to pass to strncmp that wasn't ~(size_t)0.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.