From cc82a93645c199a1e42b9ffaf3f8612ab360391d Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Wed, 12 Sep 2007 15:41:51 +0000
Subject: [PATCH] Wed Sep 12 16:35:00 BST 2007 Richard W.M. Jones * src/xend_internal.c, src/xml.c, src/xml.h: Properly check buffer size in virDomainXMLDevID (Hugh Brock).
---
 ChangeLog | 5 +++++
 src/xend_internal.c | 4 ++--
 src/xml.c | 8 +++++---
 src/xml.h | 2 +-
 4 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index cbcaaef8b0..7ca3407800 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Wed Sep 12 16:35:00 BST 2007 Richard W.M. Jones
+
+ * src/xend_internal.c, src/xml.c, src/xml.h: Properly check buffer
+ size in virDomainXMLDevID (Hugh Brock).
+
 Wed Sep 12 11:30:00 BST 2007 Richard W.M. Jones
 * src/xend_internal.c, src/xen_unified.c: Removed an annoying
diff --git a/src/xend_internal.c b/src/xend_internal.c
index 6bbf18f048..d8b10daf48 100644
--- a/src/xend_internal.c
+++ b/src/xend_internal.c
@@ -3116,7 +3116,7 @@ xenDaemonAttachDevice(virDomainPtr domain, char *xml)
 *(conf + strlen(conf) -1) = 0; /* suppress final ) */
 } else conf = sexpr;
- if (virDomainXMLDevID(domain, xml, class, ref)) {
+ if (virDomainXMLDevID(domain, xml, class, ref, sizeof(ref))) {
 /* device doesn't exist, define it */
 ret = xend_op(domain->conn, domain->name, "op", "device_create", "config", conf, NULL);
@@ -3149,7 +3149,7 @@ xenDaemonDetachDevice(virDomainPtr domain, char *xml)
 __FUNCTION__);
 return (-1);
 }
- if (virDomainXMLDevID(domain, xml, class, ref))
+ if (virDomainXMLDevID(domain, xml, class, ref, sizeof(ref)))
 return (-1);
 return(xend_op(domain->conn, domain->name, "op", "device_destroy", "type", class, "dev", ref, NULL));
diff --git a/src/xml.c b/src/xml.c
index 1688dbdf9a..0287e50fce 100644
--- a/src/xml.c
+++ b/src/xml.c
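Review bot: In src/xend_internal.c, `sizeof(ref)` in the new call inside xenDaemonAttachDevice gives the buffer size only if `ref` is declared as a `char` array in that function; its declaration lies outside this hunk, and if it is (or later becomes) a `char *` the expression silently yields the pointer size instead. The same applies to the identical call in xenDaemonDetachDevice in the next hunk. A short comment at each call, e.g. `/* ref must stay a char array: sizeof(ref) is the bound passed to virDomainXMLDevID */`, would keep that assumption visible. `class` is still handed over without a length; if virDomainXMLDevID writes into it (not visible here), it deserves the same treatment.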
@@ -1385,7 +1385,7 @@ virParseXMLDevice(virConnectPtr conn, char *xmldesc, int hvm, int xendConfigVers
 * Returns 0 in case of success, -1 in case of failure.
 */
 int
-virDomainXMLDevID(virDomainPtr domain, char *xmldesc, char *class, char *ref)
+virDomainXMLDevID(virDomainPtr domain, char *xmldesc, char *class, char *ref, int ref_len)
 {
 xmlDocPtr xml = NULL;
 xmlNodePtr node, cur;
@@ -1413,7 +1413,8 @@ virDomainXMLDevID(virDomainPtr domain, char *xmldesc, char *class, char *ref)
 attr = xmlGetProp(cur, BAD_CAST "dev");
 if (attr == NULL) goto error;
- strcpy(ref, (char *)attr);
+ strncpy(ref, (char *)attr, ref_len);
+ ref[ref_len -1] = '\0';
 goto cleanup;
 }
 }
@@ -1430,8 +1431,9 @@ virDomainXMLDevID(virDomainPtr domain, char *xmldesc, char *class, char *ref)
 xref = xenStoreDomainGetNetworkID(domain->conn, domain->id, (char *) attr);
 if (xref != NULL) {
- strcpy(ref, xref);
+ strncpy(ref, xref, ref_len);
 free(xref);
+ ref[ref_len - 1] = '\0';
 goto cleanup;
 }
 #else /* without xen */
diff --git a/src/xml.h b/src/xml.h
index 29ccd58c05..11f2c5e583 100644
--- a/src/xml.h
+++ b/src/xml.h
@@ -33,7 +33,7 @@ int virXPathNodeSet (const char *xpath,
 char *virDomainParseXMLDesc(virConnectPtr conn, const char *xmldesc, char **name, int xendConfigVersion);
 char *virParseXMLDevice(virConnectPtr conn, char *xmldesc, int hvm, int xendConfigVersion);
-int virDomainXMLDevID(virDomainPtr domain, char *xmldesc, char *class, char *ref);
+ int virDomainXMLDevID(virDomainPtr domain, char *xmldesc, char *class, char *ref, int ref_len);
 #ifdef __cplusplus
 }
-- GitLab
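Review bot: `ref_len` is declared as `int` in the new signature of virDomainXMLDevID in src/xml.c although both callers pass `sizeof(ref)`, a `size_t`, and nothing in the visible code rejects a zero or negative value before the later hunks execute `ref[ref_len - 1] = '\0'`. With `ref_len == 0` that store lands one byte before the buffer, and a negative value converts to a very large count in `strncpy`. Declaring it `size_t ref_len` here and in the src/xml.h prototype, and adding `if (ref_len == 0) return -1;` near the top of the body (which continues outside this hunk), closes both cases. The header comment above the function, only partly visible here, should also describe the new parameter, e.g. `ref_len: size in bytes of the buffer ref points to`, in the style it uses for the other arguments.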
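Review bot: The `strncpy(ref, (char *)attr, ref_len);` / `ref[ref_len -1] = '\0';` pair in the `dev` attribute branch of src/xml.c truncates an over-long device name silently and still reaches `goto cleanup`, so the caller may proceed with a shortened `ref`, which xenDaemonDetachDevice then passes to `device_destroy`. A name that does not fit should be treated as a failure: check first with `if (strlen((char *)attr) >= (size_t)ref_len) goto error;` and copy only afterwards. The `xref` copy in the following hunk has the same problem; there the length check has to run before the copy, and `xref` must be freed on the failing path as well. Whether the function really returns 0 after `goto cleanup` depends on code outside these hunks.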