WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] libxl: Fix format string abuses / vulnerabilitie

from [Ian Campbell] [Permanent Link][Original]
To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] libxl: Fix format string abuses / vulnerabilities
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Wed, 27 Oct 2010 14:20:03 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 27 Oct 2010 06:20:48 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <19656.9855.926812.373470@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Citrix Systems, Inc.
References: <19656.9855.926812.373470@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
On Wed, 2010-10-27 at 14:17 +0100, Ian Jackson wrote:
> There are a few places where libxl__xs_write is passed a variable
> value to write to xenstore, but the semantics are that the first char*
> is a format string.  So use "%s".
> 
> This fixes the following errors reported by some newer compilers:
>  libxl.c: In function "libxl_create_cpupool":
>  libxl.c:3981: error: format not a string literal and no format arguments
>  libxl.c:3983: error: format not a string literal and no format arguments
>  libxl.c: In function "libxl_cpupool_movedomain":
>  libxl.c:4095: error: format not a string literal and no format arguments
> 
> Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

Makes sense.

Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>

> 
> diff -r 28a160746815 tools/libxl/libxl.c
> --- a/tools/libxl/libxl.c     Wed Oct 27 12:24:28 2010 +0100
> +++ b/tools/libxl/libxl.c     Wed Oct 27 13:38:30 2010 +0100
> @@ -3977,10 +3977,12 @@ int libxl_create_cpupool(libxl_ctx *ctx,
>          t = xs_transaction_start(ctx->xsh);
>  
>          xs_mkdir(ctx->xsh, t, libxl__sprintf(&gc, "/local/pool/%d", 
> *poolid));
> -        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/uuid", 
> *poolid),
> -                 uuid_string);
> -        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/name", 
> *poolid),
> -                 name);
> +        libxl__xs_write(&gc, t,
> +                        libxl__sprintf(&gc, "/local/pool/%d/uuid", *poolid),
> +                        "%s", uuid_string);
> +        libxl__xs_write(&gc, t,
> +                        libxl__sprintf(&gc, "/local/pool/%d/name", *poolid),
> +                        "%s", name);
>  
>          if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN))
>              return 0;
> @@ -4092,7 +4094,8 @@ int libxl_cpupool_movedomain(libxl_ctx *
>          if (!vm_path)
>              break;
>  
> -        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", 
> vm_path), poolname);
> +        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path),
> +                        "%s", poolname);
>  
>          if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN))
>              break;
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] dom0 pvops boot crash on very ordinary Dell R310, Ian Campbell
Next by Date:  Re: [Xen-devel] [PATCH] libxl: Fix format string abuses / vulnerabilities, Gianni Tedesco
Previous by Thread:  [Xen-devel] [PATCH] libxl: Fix format string abuses / vulnerabilities, Ian Jackson
Next by Thread:  Re: [Xen-devel] [PATCH] libxl: Fix format string abuses / vulnerabilities [and 2 more messages], Ian Jackson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy