From patchwork Wed Feb 17 10:34:24 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ian Campbell X-Patchwork-Id: 8336421 Return-Path: X-Original-To: patchwork-xen-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 186089F2F0 for ; Wed, 17 Feb 2016 10:37:10 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 453ED20254 for ; Wed, 17 Feb 2016 10:37:09 +0000 (UTC) Received: from lists.xen.org (lists.xenproject.org [50.57.142.19]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 62EA12024F for ; Wed, 17 Feb 2016 10:37:08 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aVzRS-0004fb-I8; Wed, 17 Feb 2016 10:34:42 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aVzRR-0004fU-At for xen-devel@lists.xen.org; Wed, 17 Feb 2016 10:34:41 +0000 Received: from [85.158.137.68] by server-8.bemta-3.messagelabs.com id 09/2C-24375-0CC44C65; Wed, 17 Feb 2016 10:34:40 +0000 X-Env-Sender: prvs=848fde4e6=Ian.Campbell@citrix.com X-Msg-Ref: server-12.tower-31.messagelabs.com!1455705278!22950344!1 X-Originating-IP: [66.165.176.63] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni42MyA9PiAzMDYwNDg=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 64129 invoked from network); 17 Feb 2016 10:34:39 -0000 Received: from smtp02.citrix.com (HELO SMTP02.CITRIX.COM) (66.165.176.63) by server-12.tower-31.messagelabs.com with RC4-SHA encrypted SMTP; 17 Feb 2016 10:34:39 -0000 X-IronPort-AV: E=Sophos;i="5.22,459,1449532800"; d="scan'208";a="338793234" From: Ian Campbell To: , , Date: Wed, 17 Feb 2016 10:34:24 +0000 Message-ID: <1455705264-17744-2-git-send-email-ian.campbell@citrix.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1455705264-17744-1-git-send-email-ian.campbell@citrix.com> References: <1455705264-17744-1-git-send-email-ian.campbell@citrix.com> MIME-Version: 1.0 X-DLP: MIA1 Cc: Ian Campbell Subject: [Xen-devel] [PATCH 2/2] xl: NULL terminate buf when reading dom0 /proc/uptime X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The contents of /proc/uptime is typically something like "80164.57 640617.58", so the existing 512 byte buffer is more than large enoguh, so reduce its effective size to 511 bytes and ensure we include a NULL. Otherwise Coverity points out that we pass a potentially unterminated string to strtok. In practice this likely doesn't actually cause issues (at least on Linux) because the string should always contain a space so we will stop parsing. CID: 105590 Signed-off-by: Ian Campbell Acked-by: Ian Jackson --- tools/libxl/xl_cmdimpl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c index 89fa42c..31cea0f 100644 --- a/tools/libxl/xl_cmdimpl.c +++ b/tools/libxl/xl_cmdimpl.c @@ -6959,6 +6959,7 @@ static char *current_time_to_string(time_t now) static void print_dom0_uptime(int short_mode, time_t now) { int fd; + ssize_t nr; char buf[512]; uint32_t uptime = 0; char *uptime_str = NULL; @@ -6969,12 +6970,15 @@ static void print_dom0_uptime(int short_mode, time_t now) if (fd == -1) goto err; - if (read(fd, buf, sizeof(buf)) == -1) { + nr = read(fd, buf, sizeof(buf) - 1); + if (nr == -1) { close(fd); goto err; } close(fd); + buf[nr] = '\0'; + strtok(buf, " "); uptime = strtoul(buf, NULL, 10);