[Libvir] [PATCH] virsh Range check in Credit Scheduler

Daniel Veillard veillard at redhat.com
Wed Jul 18 08:16:36 UTC 2007 

On Wed, Jul 18, 2007 at 09:11:42AM +0900, Atsushi SAKAI wrote:
> Hi, Daniel
> 
>  uint16(weight and cap) is copyied in src/virsh.c
> so It cannot rewrite on src/xen_internal.c.

   xenHypervisorSetSchedulerParameters() do get the int values
in the case XEN_SCHEDULER_CREDIT :
  op_dom.u.getschedinfo.u.credit.weight = params[i].value.ui;
and
  op_dom.u.getschedinfo.u.credit.cap = params[i].value.ui;

 the ui field is an unsigned long. the test against the value
1 to USHRT_MAX can be done there and the case where one have
a negative value at the virsh level would correspond to an extremely
large integer in xenHypervisorSetSchedulerParameters() after the
unsigned cast.

  See the enclosed patch, please check,

    thanks,

Daniel


-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
-------------- next part --------------
Index: src/xen_internal.c
===================================================================
RCS file: /data/cvs/libxen/src/xen_internal.c,v
retrieving revision 1.85
diff -u -p -r1.85 xen_internal.c
--- src/xen_internal.c	12 Jul 2007 08:57:52 -0000	1.85
+++ src/xen_internal.c	18 Jul 2007 08:15:01 -0000
@@ -1170,6 +1170,7 @@ xenHypervisorSetSchedulerParameters(virD
 				 virSchedParameterPtr params, int nparams)
 {
     int i;
+    unsigned int val;
     xenUnifiedPrivatePtr priv;
 
     if ((domain == NULL) || (domain->conn == NULL)) {
@@ -1237,11 +1238,25 @@ xenHypervisorSetSchedulerParameters(virD
             for (i = 0; i < nparams; i++) {
                 if (STREQ (params[i].field, str_weight) &&
                     params[i].type == VIR_DOMAIN_SCHED_FIELD_UINT) {
-                    op_dom.u.getschedinfo.u.credit.weight = params[i].value.ui;
+		    val = params[i].value.ui;
+		    if ((val < 1) || (val > USHRT_MAX)) {
+		        virXenErrorFunc (VIR_ERR_INVALID_ARG, __FUNCTION__,
+       _("Credit scheduler weight parameter (%d) is out of range (1-65535)"),
+                                         val);
+			return(-1);
+		    }
+                    op_dom.u.getschedinfo.u.credit.weight = val;
 		    weight_set = 1;
 		} else if (STREQ (params[i].field, str_cap) &&
                     params[i].type == VIR_DOMAIN_SCHED_FIELD_UINT) {
-                    op_dom.u.getschedinfo.u.credit.cap = params[i].value.ui;
+		    val = params[i].value.ui;
+		    if (val > USHRT_MAX) {
+		        virXenErrorFunc (VIR_ERR_INVALID_ARG, __FUNCTION__,
+       _("Credit scheduler cap parameter (%d) is out of range (0-65535)"),
+                                         val);
+			return(-1);
+		    }
+                    op_dom.u.getschedinfo.u.credit.cap = val;
 		    cap_set = 1;
 	        } else {
 		    virXenErrorFunc (VIR_ERR_INVALID_ARG, __FUNCTION__,

More information about the libvir-list mailing list