WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] libxenlight: fix segfault when domid_to_name returns

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] libxenlight: fix segfault when domid_to_name returns NULL
From: Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
Date: Fri, 12 Mar 2010 16:04:32 -0500
Delivery-date: Fri, 12 Mar 2010 13:05:34 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8) Gecko/20100301 Fedora/3.0.3-1.fc12 Thunderbird/3.0.3
The function libxl_domid_to_name() can return NULL if the path
/local/domain/%d/name does not exist.  This causes a segfault if the
NULL name is later passed as a value to libxl_xs_writev().  I'm hitting
this making a call to libxl_device_vfb_add() from my graphical switcher
application.

This patch modifies xs_writev() and libxl_xs_writev() to skip NULL values.

Signed-off-by: Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
---

Alternative approaches would be to either not return NULL from
libxl_domid_to_name(), or not to include "name" in the list of
key/values within libxl_device_vfb_add() and friends.


diff -r 4152a3ce90a7 tools/libxl/libxl_xshelp.c
--- a/tools/libxl/libxl_xshelp.c        Thu Mar 11 17:40:35 2010 +0000
+++ b/tools/libxl/libxl_xshelp.c        Fri Mar 12 15:51:44 2010 -0500
@@ -33,11 +33,11 @@
 
     for (i = 0; kvs[i] != NULL; i += 2) {
         asprintf(&path, "%s/%s", dir, kvs[i]);
-        if (path) {
+        if (path && kvs[i + 1]) {
             int length = strlen(kvs[i + 1]);
             xs_write(xsh, t, path, kvs[i + 1], length);
-            free(path);
         }
+        free(path);
     }
     return 0;
 }
@@ -74,7 +74,7 @@
 
     for (i = 0; kvs[i] != NULL; i += 2) {
         path = libxl_sprintf(ctx, "%s/%s", dir, kvs[i]);
-        if (path) {
+        if (path && kvs[i + 1]) {
             int length = strlen(kvs[i + 1]);
             xs_write(ctx->xsh, t, path, kvs[i + 1], length);
         }





-- 

Eamon Walsh 
National Security Agency


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] libxenlight: fix segfault when domid_to_name returns NULL, Eamon Walsh <=