http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1675
kth3321@xxxxxxxxx changed:
          What|Removed                     |Added
----------------------------------------------------------------------------
        Status|NEW                         |RESOLVED
    Resolution|                            |FIXED
       Summary|Build error                 |Build error
              |"tools/libxl/libxl.c"       |tools/libxl/libxl.c "error:
              |                            |format not a string literal
              |                            |and no format arguments"
------- Comment #2 from kth3321@xxxxxxxxx 2010-10-23 07:54 -------
This is a printf format error. Its warning message means a security flaw if the
input string is in any way controlled by a potential attacker.
http://en.wikipedia.org/wiki/Format_string_vulnerabilities
--- tools/libxl/libxl.c.org 2010-10-23 23:41:56.536698001 +0900
+++ tools/libxl/libxl.c 2010-10-23 23:43:55.044698000 +0900
@@ -3977,9 +3977,9 @@
t = xs_transaction_start(ctx->xsh);
xs_mkdir(ctx->xsh, t, libxl__sprintf(&gc, "/local/pool/%d", *poolid));
- libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/uuid",
*poolid),
+ libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/uuid",
*poolid), "%s",
uuid_string);
- libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/name",
*poolid),
+ libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/name",
*poolid), "%s",
name);
if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN))
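Review bot: in both changed calls (the uuid write and the name write) any result of libxl__xs_write is discarded, so a failed write is not noticed at the call site; consider checking it, or say in the description why ignoring it is acceptable here. Passing "%s" with uuid_string and name as arguments is the right way to keep those values from being interpreted as the format. The changed lines are also wrapped in this mail (for example "*poolid), "%s"," sits on its own line), so please resend the patch as an attachment or unwrapped so it applies cleanly.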
@@ -4092,7 +4092,7 @@
if (!vm_path)
break;
- libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path),
poolname);
+ libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path),
"%s", poolname);
if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN))
break;
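Review bot: style point on the changed libxl__xs_write call for pool_name: here "%s" is placed on the continuation line next to poolname, while the first hunk puts "%s" at the end of the line carrying the path argument; pick one layout for all three calls. The patch also carries no description of where poolname comes from, which would help a reader judge whether this was only a build warning or a reachable format-string problem.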
_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs
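
An added illustration of the change discussed in comment #2 (not part of the original mail and not libxl code): a hypothetical printf-style writer, store_write(), shows that a value passed as the format is altered while the same value passed through "%s" is stored unchanged. The function names, path and sample pool name are constructed for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style store writer like the calls in
 * the patch: everything after `path` is a format string plus arguments.
 * GCC's -Wformat-security reports the pre-patch pattern for functions
 * declared printf-like; that attribute is omitted so both forms compile. */
static int store_write(char *out, size_t outlen, const char *path,
                       const char *fmt, ...)
{
    va_list ap;
    int n;
    (void)path;                 /* the path is irrelevant to the demonstration */
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Pre-patch pattern: the data itself is handed over as the format. */
static int write_as_format(char *out, size_t outlen, const char *value)
{
    return store_write(out, outlen, "/local/pool/0/name", value);
}

/* Post-patch pattern: constant "%s" format, data passed as an argument. */
static int write_as_data(char *out, size_t outlen, const char *value)
{
    return store_write(out, outlen, "/local/pool/0/name", "%s", value);
}

/* Returns 1 when the bytes that were stored equal the input value. */
static int roundtrips(int (*writer)(char *, size_t, const char *),
                      const char *value)
{
    char buf[64];
    writer(buf, sizeof buf, value);
    return strcmp(buf, value) == 0;
}

int main(void)
{
    /* Constructed sample; only "%%" is used because it consumes no argument. */
    const char *name = "pool-100%%";
    printf("stored intact when used as format: %d\n", roundtrips(write_as_format, name));
    printf("stored intact when passed via %%s:  %d\n", roundtrips(write_as_data, name));
    return 0;
}
```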