[tip:tools/kvm] kvm tools: Avoid overflow

Commit-ID:  a82c229f55b100c38692dc869df6e2faec84b960
Gitweb:     http://git.kernel.org/tip/a82c229f55b100c38692dc869df6e2faec84b960
Author:     Lai Jiangshan <laijs@xxxxxxxxxxxxxx>
AuthorDate: Tue, 20 Dec 2011 17:08:41 +0800
Committer:  Pekka Enberg <penberg@xxxxxxxxxx>
CommitDate: Wed, 21 Dec 2011 22:28:07 +0200

kvm tools: Avoid overflow

"entry.d_name[strlen(entry.d_name)-5] = 0" may overflow
when strlen(entry.d_name) < 5.

also avoid magic number(5).

Signed-off-by: Lai Jiangshan <laijs@xxxxxxxxxxxxxx>
Signed-off-by: Pekka Enberg <penberg@xxxxxxxxxx>
---
 tools/kvm/kvm.c |   22 ++++++++++++++++++----
 1 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/tools/kvm/kvm.c b/tools/kvm/kvm.c
index cd1e386..08df4ca 100644
--- a/tools/kvm/kvm.c
+++ b/tools/kvm/kvm.c
@@ -127,6 +127,9 @@ static struct kvm *kvm__new(void)
 	return kvm;
 }
 
+#define KVM_SOCK_SUFFIX		".sock"
+#define KVM_SOCK_SUFFIX_LEN	((ssize_t)sizeof(KVM_SOCK_SUFFIX) - 1)
+
 static int kvm__create_socket(struct kvm *kvm)
 {
 	char full_name[PATH_MAX];
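Review bot: the (ssize_t) cast in KVM_SOCK_SUFFIX_LEN needs a comment explaining why it is signed, or it can be dropped. sizeof and strlen() both yield size_t, and the `name_len <= KVM_SOCK_SUFFIX_LEN` guard added in kvm__enumerate_instances already prevents the subtraction from wrapping, so keeping the macro and name_len unsigned works and avoids passing a signed value as the memcmp() length.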
@@ -137,7 +140,8 @@ static int kvm__create_socket(struct kvm *kvm)
 	if (!kvm->name)
 		return -1;
 
-	sprintf(full_name, "%s/%s.sock", kvm__get_dir(), kvm->name);
+	sprintf(full_name, "%s/%s%s", kvm__get_dir(), kvm->name,
+			KVM_SOCK_SUFFIX);
 	if (access(full_name, F_OK) == 0)
 		die("Socket file %s already exist", full_name);
 
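Review bot: the rewritten sprintf() in kvm__create_socket still writes into full_name[PATH_MAX] with no bound, and kvm->name is only checked for NULL in the visible lines, not for length. Since this patch is about an out-of-bounds write, consider snprintf(full_name, sizeof(full_name), ...) here and returning an error when the result is >= sizeof(full_name).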
@@ -167,7 +171,7 @@ void kvm__remove_socket(const char *name)
 {
 	char full_name[PATH_MAX];
 
-	sprintf(full_name, "%s/%s.sock", kvm__get_dir(), name);
+	sprintf(full_name, "%s/%s%s", kvm__get_dir(), name, KVM_SOCK_SUFFIX);
 	unlink(full_name);
 }
 
@@ -177,7 +181,7 @@ int kvm__get_sock_by_instance(const char *name)
 	char sock_file[PATH_MAX];
 	struct sockaddr_un local;
 
-	sprintf(sock_file, "%s/%s.sock", kvm__get_dir(), name);
+	sprintf(sock_file, "%s/%s%s", kvm__get_dir(), name, KVM_SOCK_SUFFIX);
 	s = socket(AF_UNIX, SOCK_STREAM, 0);
 
 	local.sun_family = AF_UNIX;
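Review bot: this sprintf() in kvm__get_sock_by_instance is the third copy of the "%s/%s%s" format with kvm__get_dir() and KVM_SOCK_SUFFIX, after kvm__create_socket and kvm__remove_socket. A small static helper that builds the socket path into a caller-supplied buffer would keep the suffix handling in one place and give a single spot to bound the write.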
@@ -212,7 +216,17 @@ int kvm__enumerate_instances(int (*callback)(const char *name, int fd))
 		if (result == NULL)
 			break;
 		if (entry.d_type == DT_SOCK) {
-			entry.d_name[strlen(entry.d_name)-5] = 0;
+			ssize_t name_len = strlen(entry.d_name);
+			char *p;
+
+			if (name_len <= KVM_SOCK_SUFFIX_LEN)
+				continue;
+
+			p = &entry.d_name[name_len - KVM_SOCK_SUFFIX_LEN];
+			if (memcmp(KVM_SOCK_SUFFIX, p, KVM_SOCK_SUFFIX_LEN))
+				continue;
+
+			*p = 0;
 			sock = kvm__get_sock_by_instance(entry.d_name);
 			if (sock < 0)
 				continue;
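Review bot: the suffix test `if (memcmp(KVM_SOCK_SUFFIX, p, KVM_SOCK_SUFFIX_LEN)) continue;` changes behaviour beyond the bounds fix and the commit message does not say so. Before, every DT_SOCK entry had its last five characters cut off and was passed to kvm__get_sock_by_instance; now sockets whose name does not end in ".sock", or is no longer than the suffix, are silently skipped. That looks like the right behaviour, but it should be stated in the changelog next to the overflow and magic-number points.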
--