WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-unstable] libxl: Fix format string abuses / vulnera

from [Xen patchbot-unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] libxl: Fix format string abuses / vulnerabilities
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Nov 2010 04:50:24 -0700
Delivery-date: Tue, 02 Nov 2010 04:51:41 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
# Date 1288263945 -3600
# Node ID 2795279e7533b1955112877620b32731aec4ec2d
# Parent  da9b1aa3c3669792e3055770e1839c3e96590318
libxl: Fix format string abuses / vulnerabilities

There are a few places where libxl__xs_write is passed a variable
value to write to xenstore, but the semantics are that the first char*
is a format string.  So use "%s".

This fixes the following errors reported by some newer compilers:
 libxl.c: In function "libxl_create_cpupool":
 libxl.c:3981: error: format not a string literal and no format arguments
 libxl.c:3983: error: format not a string literal and no format arguments
 libxl.c: In function "libxl_cpupool_movedomain":
 libxl.c:4095: error: format not a string literal and no format arguments

Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Acked-by: Gianni Tedesco <gianni.tedesco@xxxxxxxxxx>
---
 tools/libxl/libxl.c |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff -r da9b1aa3c366 -r 2795279e7533 tools/libxl/libxl.c
--- a/tools/libxl/libxl.c       Thu Oct 28 12:02:22 2010 +0100
+++ b/tools/libxl/libxl.c       Thu Oct 28 12:05:45 2010 +0100
@@ -3978,10 +3978,12 @@ int libxl_create_cpupool(libxl_ctx *ctx,
         t = xs_transaction_start(ctx->xsh);
 
         xs_mkdir(ctx->xsh, t, libxl__sprintf(&gc, "/local/pool/%d", *poolid));
-        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/uuid", 
*poolid),
-                 uuid_string);
-        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/name", 
*poolid),
-                 name);
+        libxl__xs_write(&gc, t,
+                        libxl__sprintf(&gc, "/local/pool/%d/uuid", *poolid),
+                        "%s", uuid_string);
+        libxl__xs_write(&gc, t,
+                        libxl__sprintf(&gc, "/local/pool/%d/name", *poolid),
+                        "%s", name);
 
         if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN))
             return 0;
@@ -4093,7 +4095,8 @@ int libxl_cpupool_movedomain(libxl_ctx *
         if (!vm_path)
             break;
 
-        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path), 
poolname);
+        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path),
+                        "%s", poolname);
 
         if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN))
             break;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] libxl: Fix format string abuses / vulnerabilities, Xen patchbot-unstable <=
Previous by Date:  [Xen-changelog] [xen-unstable] libxl: fix dom0 minimum memory threshold check, Xen patchbot-unstable
Next by Date:  [Xen-changelog] [xen-unstable] tools: caml-stubdom: fix "red zone" bug, Xen patchbot-unstable
Previous by Thread:  [Xen-changelog] [xen-unstable] libxl: fix dom0 minimum memory threshold check, Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [xen-unstable] tools: caml-stubdom: fix "red zone" bug, Xen patchbot-unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy