[libvirt] [PATCH 4/4] util: avoid PATH_MAX-sized array

Eric Blake eblake at redhat.com
Wed Jun 22 21:13:53 UTC 2011


See previous patch for why this is good...

* src/util/pci.c (struct _pciDevice, pciGetDevice, pciFreeDevice):
Manage path dynamically.  Report snprintf overflow.
* src/util/hostusb.c (struct _usbDevice, usbGetDevice)
(usbFreeDevice): Likewise.
---
 src/util/hostusb.c |   32 +++++++++++++++++++++++++-------
 src/util/pci.c     |   31 +++++++++++++++++++++++++------
 2 files changed, 50 insertions(+), 13 deletions(-)

diff --git a/src/util/hostusb.c b/src/util/hostusb.c
index d5b478b..1669e2f 100644
--- a/src/util/hostusb.c
+++ b/src/util/hostusb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2010 Red Hat, Inc.
+ * Copyright (C) 2009-2011 Red Hat, Inc.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -48,7 +48,7 @@ struct _usbDevice {

     char          name[USB_ADDR_LEN]; /* domain:bus:slot.function */
     char          id[USB_ID_LEN];     /* product vendor */
-    char          path[PATH_MAX];
+    char          *path;
 };

 /* For virReportOOMError()  and virReportSystemError() */
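Review bot: Changing `path` from an embedded array to a `char *` silently changes the meaning of any remaining `sizeof(dev->path)` and of any by-value copy of the struct, and nothing visible here shows those uses were checked. The same applies to `struct _pciDevice` in src/util/pci.c, so both files are worth searching for leftover `sizeof` users of the field. A comment on the field stating ownership, e.g. `char *path; /* heap-allocated; released by usbFreeDevice() */`, would make the new contract explicit. The struct definition starts outside this hunk.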
@@ -171,13 +171,30 @@ usbGetDevice(unsigned bus,
     dev->bus     = bus;
     dev->dev     = devno;

-    snprintf(dev->name, sizeof(dev->name), "%.3o:%.3o",
-             dev->bus, dev->dev);
-    snprintf(dev->path, sizeof(dev->path),
-             USB_DEVFS "%03d/%03d", dev->bus, dev->dev);
+    if (snprintf(dev->name, sizeof(dev->name), "%.3o:%.3o",
+                 dev->bus, dev->dev) >= sizeof(dev->name)) {
+        usbReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("dev->name buffer overflow: %.3o:%.3o"),
+                       dev->bus, dev->dev);
+        usbFreeDevice(dev);
+        return NULL;
+    }
+    if (virAsprintf(&dev->path, USB_DEVFS "%03d/%03d",
+                    dev->bus, dev->dev) < 0) {
+        virReportOOMError();
+        usbFreeDevice(dev);
+        return NULL;
+    }

     /* XXX fixme. this should be product/vendor */
-    snprintf(dev->id, sizeof(dev->id), "%d %d", dev->bus, dev->dev);
+    if (snprintf(dev->id, sizeof(dev->id), "%d %d", dev->bus,
+                 dev->dev) >= sizeof(dev->id)) {
+        usbReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("dev->id buffer overflow: %d %d"),
+                       dev->bus, dev->dev);
+        usbFreeDevice(dev);
+        return NULL;
+    }

     VIR_DEBUG("%s %s: initialized", dev->id, dev->name);
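Review bot: The overflow checks compare snprintf()'s `int` return directly against a `size_t` from `sizeof`, here for `dev->name` and `dev->id` and again in both pciGetDevice hunks in src/util/pci.c. A negative return is only caught because it converts to a large unsigned value, and the comparison is the kind -Wsign-compare flags. Keeping the result in an `int rc` and testing `if (rc < 0 || (size_t)rc >= sizeof(dev->name))` states the intent. The new error paths also call usbFreeDevice(), which logs `dev->id` and `dev->name` before they have been written, so they depend on `dev` being zero-allocated above this hunk, which is not visible here.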

@@ -203,6 +220,7 @@ void
 usbFreeDevice(usbDevice *dev)
 {
     VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
+    VIR_FREE(dev->path);
     VIR_FREE(dev);
 }
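Review bot: usbFreeDevice() dereferences `dev` unconditionally, in the existing VIR_DEBUG and now in `VIR_FREE(dev->path)`, whereas pciFreeDevice() in this same patch appears to have an early `return;` ahead of its first dereference. Adding `if (!dev) return;` as the first statement would let cleanup paths call it the way they call free() and would keep the two helpers consistent.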

diff --git a/src/util/pci.c b/src/util/pci.c
index 8b2ca42..46a3a83 100644
--- a/src/util/pci.c
+++ b/src/util/pci.c
@@ -56,7 +56,7 @@ struct _pciDevice {

     char          name[PCI_ADDR_LEN]; /* domain:bus:slot.function */
     char          id[PCI_ID_LEN];     /* product vendor */
-    char          path[PATH_MAX];
+    char          *path;
     int           fd;

     unsigned      initted;
@@ -1307,10 +1307,21 @@ pciGetDevice(unsigned domain,
     dev->slot     = slot;
     dev->function = function;

-    snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
-             dev->domain, dev->bus, dev->slot, dev->function);
-    snprintf(dev->path, sizeof(dev->path),
-             PCI_SYSFS "devices/%s/config", dev->name);
+    if (snprintf(dev->name, sizeof(dev->name), "%.4x:%.2x:%.2x.%.1x",
+                 dev->domain, dev->bus, dev->slot,
+                 dev->function) >= sizeof(dev->name)) {
+        pciReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("dev->name buffer overflow: %.4x:%.2x:%.2x.%.1x"),
+                       dev->domain, dev->bus, dev->slot, dev->function);
+        pciFreeDevice(dev);
+        return NULL;
+    }
+    if (virAsprintf(&dev->path, PCI_SYSFS "devices/%s/config",
+                    dev->name) < 0) {
+        virReportOOMError();
+        pciFreeDevice(dev);
+        return NULL;
+    }

     if (access(dev->path, F_OK) != 0) {
         virReportSystemError(errno,
@@ -1334,7 +1345,14 @@ pciGetDevice(unsigned domain,
     }

     /* strings contain '0x' prefix */
-    snprintf(dev->id, sizeof(dev->id), "%s %s", &vendor[2], &product[2]);
+    if (snprintf(dev->id, sizeof(dev->id), "%s %s", &vendor[2],
+                 &product[2]) >= sizeof(dev->id)) {
+        pciReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("dev->id buffer overflow: %s %s"),
+                       &vendor[2], &product[2]);
+        pciFreeDevice(dev);
+        return NULL;
+    }

     VIR_FREE(product);
     VIR_FREE(vendor);
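Review bot: The new early return on `dev->id` overflow exits before the `VIR_FREE(product); VIR_FREE(vendor);` that follow the check, so both strings look to be leaked on that path. The error message still reads them, so release them after pciReportError() and before `pciFreeDevice(dev);` by adding `VIR_FREE(product);` and `VIR_FREE(vendor);` inside the block. The allocation of `vendor`/`product` and the rest of pciGetDevice lie outside this hunk, so it is worth confirming that no other exit between allocation and release has the same gap.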
@@ -1351,6 +1369,7 @@ pciFreeDevice(pciDevice *dev)
         return;
     VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
     pciCloseConfig(dev);
+    VIR_FREE(dev->path);
     VIR_FREE(dev);
 }

-- 
1.7.4.4



