
Re: [PATCH for-4.15] tools/xenstored: liveupdate: Increase the maximum number of parameters



On 05.03.21 14:22, Ian Jackson wrote:
> Julien Grall writes ("[PATCH for-4.15] tools/xenstored: liveupdate: Increase the maximum number of parameters"):
>> From: Julien Grall <jgrall@xxxxxxxxxx>
>>
>> The longest possible command line for LiveUpdate is:
>>
>>    liveupdate -s -t <timeout> -F
>>
>> This is 5 parameters. However, the maximum is currently specified to 4.
>> This means some of the parameters will get ignored.
>
> Why are the extra parameters ignored rather than treated as errors?
> This seems like an invitation to making code with bad behaviour
> (perhaps bad security-relevant behaviour).
>
> CC Juergen who seems to have written the code...

This is the max number of 0 delimited string parameters. Especially the
stubdom case needs a binary blob (with length, of course) as parameter,
and the number of 0 bytes in this data is just limited by the allowed
payload length.

See the comment in line 111 of xenstored_control.c.


Juergen
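
The question raised in this thread, sketched in C as an added example (not xenstored's code and not part of the message above): it splits the 0-delimited payload for the command line from the patch description and contrasts silently dropping the surplus at a limit of 4 with rejecting it. The helper `split_params`, its `strict` flag, `count_sample` and the timeout value 60 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: "liveupdate -s -t 60 -F" as 0-delimited strings
 * (the timeout 60 is made up). sizeof() includes the final terminator. */
static const char sample[] = "liveupdate\0-s\0-t\0" "60\0-F";

/*
 * Hypothetical helper: split a payload of NUL-terminated strings into vec[].
 * Returns the number of strings stored. If the payload holds more than max
 * strings, strict == 0 drops the surplus silently (the behaviour questioned
 * in the thread) and strict != 0 returns -1. A payload carrying a binary
 * blob cannot be counted this way, since the blob may contain any number
 * of 0 bytes; it has to be consumed by its length instead.
 */
static int split_params(const char *buf, size_t len, const char *vec[],
                        int max, int strict)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        const char *end = memchr(buf + off, '\0', len - off);

        if (!end)
            return -1;              /* last string is not terminated */
        if (n == max)
            return strict ? -1 : n; /* surplus: reject or drop */
        vec[n++] = buf + off;
        off = (size_t)(end - buf) + 1;
    }
    return n;
}

/* Run the sample through the splitter with a given limit (max <= 8). */
static int count_sample(int max, int strict)
{
    const char *vec[8];

    return split_params(sample, sizeof(sample), vec, max, strict);
}

int main(void)
{
    printf("limit 4, lenient: %d\n", count_sample(4, 0));
    printf("limit 4, strict:  %d\n", count_sample(4, 1));
    printf("limit 5, strict:  %d\n", count_sample(5, 1));
    return 0;
}
```

With the limit at 4 the lenient call stops after the timeout value, so `-F` never reaches the command handler and nothing reports that it was dropped.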
