[libvirt] [PATCH V1 5/5] node_device: fix possible non-terminated string
Eric Blake
eblake at redhat.com
Fri May 4 15:36:33 UTC 2012
On 05/04/2012 05:54 AM, Stefan Berger wrote:
> Error: STRING_NULL:
> /libvirt/src/node_device/node_device_linux_sysfs.c:80:
> string_null_argument: Function "saferead" does not terminate string "*buf".
> /libvirt/src/util/util.c:101:
> string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
> /libvirt/src/node_device/node_device_linux_sysfs.c:87:
> string_null: Passing unterminated string "buf" to a function expecting a null-terminated string.
>
> ---
> src/node_device/node_device_linux_sysfs.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> Index: libvirt-acl/src/node_device/node_device_linux_sysfs.c
> ===================================================================
> --- libvirt-acl.orig/src/node_device/node_device_linux_sysfs.c
> +++ libvirt-acl/src/node_device/node_device_linux_sysfs.c
> @@ -69,20 +69,21 @@ out:
> int read_wwn_linux(int host, const char *file, char **wwn)
> {
> char *p = NULL;
> - int fd = -1, retval = 0;
> - char buf[64];
> + int fd = -1, retval = 0, len;
> + char buf[65];
Here, I would write:
char buf[65] = "";
>
> if (open_wwn_file(LINUX_SYSFS_FC_HOST_PREFIX, host, file, &fd) < 0) {
> goto out;
> }
>
> - memset(buf, 0, sizeof(buf));
Then the memset is not necessary (the initialization took care of that
instead).
> - if (saferead(fd, buf, sizeof(buf)) < 0) {
> + len = saferead(fd, buf, sizeof(buf) - 1);
You are correct that you need to use sizeof(buf) - 1. But if you
guarantee that buf was all NUL on entry, then you don't have to worry
about the resulting len,...
> + if (len < 0) {
> retval = -1;
> VIR_DEBUG("Failed to read WWN for host%d '%s'",
> host, file);
> goto out;
> }
> + buf[len] = '\0';
and therefore don't need this trailing assignment. We definitely have
an off-by-one bug here, but I don't think we need quite as many changed
to fix the issue as what you have here.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120504/77aa2957/attachment-0001.sig>
More information about the libvir-list
mailing list