From patchwork Thu Nov 6 13:59:43 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ian Campbell X-Patchwork-Id: 40285 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wi0-f199.google.com (mail-wi0-f199.google.com [209.85.212.199]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 050ED24237 for ; Thu, 6 Nov 2014 14:02:15 +0000 (UTC) Received: by mail-wi0-f199.google.com with SMTP id r20sf704248wiv.2 for ; Thu, 06 Nov 2014 06:02:14 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:date:message-id :mime-version:cc:subject:precedence:list-id:list-unsubscribe :list-post:list-help:list-subscribe:sender:errors-to :x-original-sender:x-original-authentication-results:mailing-list :list-archive:content-type:content-transfer-encoding; bh=/Plgf9k6bi4AzkLield/gItvhdeBTIYIWqQdUxq7Wac=; b=fWDy18wvyQsX2sj/NGcBfh0Hc93UFUHhUnvcq0TsbvcZlRWq+8eoTXGtcC2SinZPG7 aWaBPYnRfoqy7act3BNbeO8TYRsPOCYh+R4zV/hG4k2wsaCIZXhibfd7/Q2jpDPTx+SE nad4529rg5u3xlhRAMDfd/dqMLw2ErK//KmmzMB/iSz+RDWECrT6+Q2y2r/TzZ+3oQ5D 2/nHyMwClgI6q8k8xbgYI+/Vc+vTX9WN0jpP+/b1Q9RM8ctp9dn60eWMh0O1Q1CKKhx9 Cnnk5PBMQzZlg8ShnWzwFEnWYvaCblRi4UG4HwHlamtC8TJj3s7CcYs6kgUBteFXEDhY qEGQ== X-Gm-Message-State: ALoCoQkDZepvrclony9ZkKvNwyqeH4DWCl/ZFYWfO8GZ3g4bOdxctZWiRTw7dh8MqbL/SF+MpKzO X-Received: by 10.180.218.100 with SMTP id pf4mr2022631wic.4.1415282533815; Thu, 06 Nov 2014 06:02:13 -0800 (PST) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.43.129 with SMTP id w1ls86179lal.34.gmail; Thu, 06 Nov 2014 06:02:13 -0800 (PST) X-Received: by 10.152.20.72 with SMTP id l8mr5209815lae.43.1415282533505; Thu, 06 Nov 2014 06:02:13 -0800 (PST) Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com. [209.85.217.182]) by mx.google.com with ESMTPS id 9si11662257lai.28.2014.11.06.06.02.13 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 06 Nov 2014 06:02:13 -0800 (PST) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.182 as permitted sender) client-ip=209.85.217.182; Received: by mail-lb0-f182.google.com with SMTP id f15so1050196lbj.13 for ; Thu, 06 Nov 2014 06:02:13 -0800 (PST) X-Received: by 10.152.5.38 with SMTP id p6mr5233450lap.44.1415282533398; Thu, 06 Nov 2014 06:02:13 -0800 (PST) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.184.201 with SMTP id ew9csp47777lbc; Thu, 6 Nov 2014 06:02:12 -0800 (PST) X-Received: by 10.52.37.43 with SMTP id v11mr2520230vdj.3.1415282532111; Thu, 06 Nov 2014 06:02:12 -0800 (PST) Received: from lists.xen.org (lists.xen.org. [50.57.142.19]) by mx.google.com with ESMTPS id z12si4906557vcz.54.2014.11.06.06.02.10 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 06 Nov 2014 06:02:12 -0800 (PST) Received-SPF: none (google.com: xen-devel-bounces@lists.xen.org does not designate permitted sender hosts) client-ip=50.57.142.19; Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1XmNbL-0000i7-CB; Thu, 06 Nov 2014 13:59:51 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1XmNbJ-0000i2-RH for xen-devel@lists.xen.org; Thu, 06 Nov 2014 13:59:49 +0000 Received: from [85.158.143.35] by server-2.bemta-4.messagelabs.com id 2D/69-24532-5DE7B545; Thu, 06 Nov 2014 13:59:49 +0000 X-Env-Sender: Ian.Campbell@citrix.com X-Msg-Ref: server-7.tower-21.messagelabs.com!1415282385!11966052!1 X-Originating-IP: [66.165.176.89] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni44OSA9PiAyMDMwMDc=\n X-StarScan-Received: X-StarScan-Version: 6.12.4; banners=-,-,- X-VirusChecked: Checked Received: (qmail 1299 invoked from network); 6 Nov 2014 13:59:48 -0000 Received: from smtp.citrix.com (HELO SMTP.CITRIX.COM) (66.165.176.89) by server-7.tower-21.messagelabs.com with RC4-SHA encrypted SMTP; 6 Nov 2014 13:59:48 -0000 X-IronPort-AV: E=Sophos;i="5.07,326,1413244800"; d="scan'208";a="188760835" Received: from ukmail1.uk.xensource.com (10.80.16.128) by smtprelay.citrix.com (10.13.107.78) with Microsoft SMTP Server id 14.3.181.6; Thu, 6 Nov 2014 08:59:44 -0500 Received: from cosworth.uk.xensource.com ([10.80.16.52] helo=localhost.localdomain ident=ianc) by ukmail1.uk.xensource.com with smtp (Exim 4.69) (envelope-from ) id 1XmNbD-0007ry-7j; Thu, 06 Nov 2014 13:59:44 +0000 Received: by localhost.localdomain (sSMTP sendmail emulation); Thu, 06 Nov 2014 13:59:43 +0000 From: Ian Campbell To: , , Date: Thu, 6 Nov 2014 13:59:43 +0000 Message-ID: <1415282383-26594-1-git-send-email-ian.campbell@citrix.com> X-Mailer: git-send-email 1.7.10.4 MIME-Version: 1.0 X-DLP: MIA1 Cc: Ian Campbell Subject: [Xen-devel] [PATCH] tools: libxl: do not overrun input buffer in libxl__parse_mac X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: List-Unsubscribe: , List-Post: , List-Help: , List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: ian.campbell@citrix.com X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.217.182 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Archive: Valgrind reports: ==7971== Invalid read of size 1 ==7971== at 0x40877BE: libxl__parse_mac (libxl_internal.c:288) ==7971== by 0x405C5F8: libxl__device_nic_from_xs_be (libxl.c:3405) ==7971== by 0x4065542: libxl__append_nic_list_of_type (libxl.c:3484) ==7971== by 0x4065542: libxl_device_nic_list (libxl.c:3504) ==7971== by 0x406F561: libxl_retrieve_domain_configuration (libxl.c:6661) ==7971== by 0x805671C: reload_domain_config (xl_cmdimpl.c:2037) ==7971== by 0x8057F30: handle_domain_death (xl_cmdimpl.c:2116) ==7971== by 0x8057F30: create_domain (xl_cmdimpl.c:2580) ==7971== by 0x805B4B2: main_create (xl_cmdimpl.c:4652) ==7971== by 0x804EAB2: main (xl.c:378) This is because on the final iteration the tok += 3 skips over the terminating NUL to the next byte, and then *tok reads it. Fix this by using endptr as the iterator. Signed-off-by: Ian Campbell Acked-by: Wei Liu --- tools/libxl/libxl_internal.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/libxl/libxl_internal.c b/tools/libxl/libxl_internal.c index 02a71cb..00c3b1e 100644 --- a/tools/libxl/libxl_internal.c +++ b/tools/libxl/libxl_internal.c @@ -284,10 +284,12 @@ _hidden int libxl__parse_mac(const char *s, libxl_mac mac) char *endptr; int i; - for (i = 0, tok = s; *tok && (i < 6); ++i, tok += 3) { + for (i = 0, tok = s; *tok && (i < 6); ++i, tok = endptr) { mac[i] = strtol(tok, &endptr, 16); if (endptr != (tok + 2) || (*endptr != '\0' && *endptr != ':') ) return ERROR_INVAL; + if (*endptr == ':') + endptr++; } if ( i != 6 ) return ERROR_INVAL;