From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
Matthew Daley <mattd@bugfuzz.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>,
Ian Campbell <Ian.Campbell@citrix.com>
Subject: [Patch v2 3/4] tools/xenstored: Avoid buffer overflows while setting up sockets
Date: Mon, 25 Nov 2013 14:38:41 +0000 [thread overview]
Message-ID: <1385390321-10124-1-git-send-email-andrew.cooper3@citrix.com> (raw)
In-Reply-To: <CAD3CanccryKjcUDJ21sm6LJ75dv8JmPi8BRNuzpF2jwLsZ_Y-Q@mail.gmail.com>
Coverity ID: 1055996 1056002
Cache the xs_daemon_socket{,_ro}() strings to save pointlessly
re-snprintf()'ing the same path, and add explicit size checks against
addr.sun_path before strcpy()'ing into it.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Ian Campbell <Ian.Campbell@citrix.com>
CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
CC: Matthew Daley <mattd@bugfuzz.com>
---
Changes in v2:
* Use logic similar to f220279c14
---
tools/xenstore/xenstored_core.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index ccfdaa3..2324e53 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -1718,6 +1718,9 @@ static void init_sockets(int **psock, int **pro_sock)
{
struct sockaddr_un addr;
int *sock, *ro_sock;
+ const char *soc_str = xs_daemon_socket();
+ const char *soc_str_ro = xs_daemon_socket_ro();
+
/* Create sockets for them to listen to. */
*psock = sock = talloc(talloc_autofree_context(), int);
*sock = socket(PF_UNIX, SOCK_STREAM, 0);
@@ -1731,19 +1734,25 @@ static void init_sockets(int **psock, int **pro_sock)
talloc_set_destructor(ro_sock, destroy_fd);
/* FIXME: Be more sophisticated, don't mug running daemon. */
- unlink(xs_daemon_socket());
- unlink(xs_daemon_socket_ro());
+ unlink(soc_str);
+ unlink(soc_str_ro);
addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, xs_daemon_socket());
+
+ if(strlen(soc_str) >= sizeof(addr.sun_path))
+ barf_perror("socket string '%s' too long", soc_str);
+ strcpy(addr.sun_path, soc_str);
if (bind(*sock, (struct sockaddr *)&addr, sizeof(addr)) != 0)
- barf_perror("Could not bind socket to %s", xs_daemon_socket());
- strcpy(addr.sun_path, xs_daemon_socket_ro());
+ barf_perror("Could not bind socket to %s", soc_str);
+
+ if(strlen(soc_str_ro) >= sizeof(addr.sun_path))
+ barf_perror("socket string '%s' too long", soc_str_ro);
+ strcpy(addr.sun_path, soc_str_ro);
if (bind(*ro_sock, (struct sockaddr *)&addr, sizeof(addr)) != 0)
- barf_perror("Could not bind socket to %s",
- xs_daemon_socket_ro());
- if (chmod(xs_daemon_socket(), 0600) != 0
- || chmod(xs_daemon_socket_ro(), 0660) != 0)
+ barf_perror("Could not bind socket to %s", soc_str_ro);
+
+ if (chmod(soc_str, 0600) != 0
+ || chmod(soc_str_ro, 0660) != 0)
barf_perror("Could not chmod sockets");
if (listen(*sock, 1) != 0
--
1.7.10.4
next prev parent reply other threads:[~2013-11-25 14:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-25 11:07 [PATCH 0/4] Coverity fixes for tools/xenstore Andrew Cooper
2013-11-25 11:07 ` [PATCH 1/4] tools/xenstore: Fix 15 potential resource leaks in build() Andrew Cooper
2013-11-25 12:23 ` Ian Jackson
2013-11-25 11:07 ` [PATCH 2/4] tools/xenstore-rm: Fix memory leaks Andrew Cooper
2013-11-25 12:24 ` Ian Jackson
2013-11-25 11:07 ` [PATCH 3/4] tools/xenstored: Avoid buffer overflows while setting up sockets Andrew Cooper
2013-11-25 12:25 ` Matthew Daley
2013-11-25 14:38 ` Andrew Cooper [this message]
2013-12-02 13:18 ` [Patch v2 " Andrew Cooper
2013-12-09 13:32 ` Andrew Cooper
2013-12-13 18:13 ` Andrew Cooper
2013-12-13 18:28 ` [Patch v2 3/4] tools/xenstored: Avoid buffer overflows while setting up sockets [and 1 more messages] Ian Jackson
2013-12-13 19:15 ` Andrew Cooper
2013-11-25 12:27 ` [PATCH 3/4] tools/xenstored: Avoid buffer overflows while setting up sockets Ian Jackson
2013-11-25 11:07 ` [PATCH 4/4] tools/xenstored: Don't leak a file handle when creating the pidfile Andrew Cooper
2013-11-25 12:29 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1385390321-10124-1-git-send-email-andrew.cooper3@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=mattd@bugfuzz.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.