From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Fri, 20 Jul 2018 16:44:10 +0200
Message-Id: <20180720144413.28226-6-abologna@redhat.com>
Subject: [libvirt] [PATCH v2 5/8] src: Don't rely on strncpy()-like behavior

The strncpy() function has this quirk where it will copy *up* to the requested number of bytes, that is, it will stop early if it encounters a NULL byte in the source string. This makes it legal to pass the size of the destination buffer (minus one byte needed for the string terminator) as the number of bytes to copy and still get something somewhat reasonable out of the operation; unfortunately, it also makes the function difficult to reason about and way too easy to misuse.

We want to move away from the way strncpy() behaves and towards better defined semantics, where virStrncpy() will always copy *exactly* the number of bytes it's been asked to copy; before we can do that, though, we have to change a few of the callers.
Signed-off-by: Andrea Bolognani --- src/locking/lock_driver_sanlock.c | 3 ++- src/xenapi/xenapi_driver.c | 4 +++- src/xenconfig/xen_common.c | 14 +++++++------- src/xenconfig/xen_xl.c | 12 ++++++------ 4 files changed, 18 insertions(+), 15 deletions(-) diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sa= nlock.c index 345cf0a772..3f3a587541 100644 --- a/src/locking/lock_driver_sanlock.c +++ b/src/locking/lock_driver_sanlock.c @@ -1004,7 +1004,8 @@ static int virLockManagerSanlockAcquire(virLockManage= rPtr lock, /* sanlock doesn't use owner_name for anything, so it's safe to take j= ust * the first SANLK_NAME_LEN - 1 characters from vm_name */ ignore_value(virStrncpy(opt->owner_name, priv->vm_name, - SANLK_NAME_LEN - 1, SANLK_NAME_LEN)); + MIN(strlen(priv->vm_name), SANLK_NAME_LEN - 1), + SANLK_NAME_LEN)); =20 if (state && STRNEQ(state, "")) { if ((rv =3D sanlock_state_to_args((char *)state, diff --git a/src/xenapi/xenapi_driver.c b/src/xenapi/xenapi_driver.c index 42b305d316..f4375c5874 100644 --- a/src/xenapi/xenapi_driver.c +++ b/src/xenapi/xenapi_driver.c @@ -430,7 +430,9 @@ xenapiNodeGetInfo(virConnectPtr conn, virNodeInfoPtr in= fo) if (xen_host_cpu_get_all(session, &host_cpu_set)) { host_cpu =3D host_cpu_set->contents[0]; xen_host_cpu_get_modelname(session, &modelname, host_cpu); - if (!virStrncpy(info->model, modelname, LIBVIRT_MODELNAME_LEN - 1,= LIBVIRT_MODELNAME_LEN)) { + if (!virStrncpy(info->model, modelname, + MIN(strlen(modelname), LIBVIRT_MODELNAME_LEN - 1), + LIBVIRT_MODELNAME_LEN)) { virReportOOMError(); xen_host_cpu_set_free(host_cpu_set); VIR_FREE(modelname); diff --git a/src/xenconfig/xen_common.c b/src/xenconfig/xen_common.c index 4a94127da1..815ccd030e 100644 --- a/src/xenconfig/xen_common.c +++ b/src/xenconfig/xen_common.c 
@@ -879,7 +879,7 @@ xenParseVif(char *entry, const char *vif_typename) data++; =20 if (STRPREFIX(key, "mac=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(mac) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(mac, data, len, sizeof(mac)) =3D=3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("MAC address %s too big for destination"), @@ -887,7 +887,7 @@ xenParseVif(char *entry, const char *vif_typename) return NULL; } } else if (STRPREFIX(key, "bridge=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(bridge) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(bridge, data, len, sizeof(bridge)) =3D=3D NULL)= { virReportError(VIR_ERR_INTERNAL_ERROR, _("Bridge %s too big for destination"), @@ -900,7 +900,7 @@ xenParseVif(char *entry, const char *vif_typename) if (VIR_STRNDUP(script, data, len) < 0) return NULL; } else if (STRPREFIX(key, "model=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(model) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(model, data, len, sizeof(model)) =3D=3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Model %s too big for destination"), @@ -908,7 +908,7 @@ xenParseVif(char *entry, const char *vif_typename) return NULL; } } else if (STRPREFIX(key, "type=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(type) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(type, data, len, sizeof(type)) =3D=3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Type %s too big for destination"), @@ -916,7 +916,7 @@ xenParseVif(char *entry, const char *vif_typename) return NULL; } } else if (STRPREFIX(key, "vifname=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(vifname) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(vifname, data, len, sizeof(vifname)) =3D=3D NUL= L) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Vifname %s too big for destination"), 
@@ -924,14 +924,14 @@ xenParseVif(char *entry, const char *vif_typename) return NULL; } } else if (STRPREFIX(key, "ip=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(ip) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(ip, data, len, sizeof(ip)) =3D=3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("IP %s too big for destination"), data); return NULL; } } else if (STRPREFIX(key, "rate=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(rate) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(rate, data, len, sizeof(rate)) =3D=3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("rate %s too big for destination"), data); diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c index 807fe621d6..bc3191ad5e 100644 --- a/src/xenconfig/xen_xl.c +++ b/src/xenconfig/xen_xl.c @@ -899,7 +899,7 @@ xenParseXLUSBController(virConfPtr conf, virDomainDefPt= r def) data++; =20 if (STRPREFIX(key, "type=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(type) = - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(type, data, len, sizeof(type)) =3D=3D N= ULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("type %s invalid"), @@ -907,7 +907,7 @@ xenParseXLUSBController(virConfPtr conf, virDomainDefPt= r def) goto skipusbctrl; } } else if (STRPREFIX(key, "version=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(versio= n) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(version, data, len, sizeof(version)) = =3D=3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("version %s invalid"), 
@@ -917,7 +917,7 @@ xenParseXLUSBController(virConfPtr conf, virDomainDefPt= r def) if (virStrToLong_i(version, NULL, 16, &usbctrl_version= ) < 0) goto skipusbctrl; } else if (STRPREFIX(key, "ports=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(ports)= - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(ports, data, len, sizeof(ports)) =3D=3D= NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("version %s invalid"), @@ -1001,7 +1001,7 @@ xenParseXLUSB(virConfPtr conf, virDomainDefPtr def) data++; =20 if (STRPREFIX(key, "hostbus=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(bus) -= 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(bus, data, len, sizeof(bus)) =3D=3D NUL= L) { virReportError(VIR_ERR_INTERNAL_ERROR, _("bus %s too big for destination"), @@ -1009,7 +1009,7 @@ xenParseXLUSB(virConfPtr conf, virDomainDefPtr def) goto skipusb; } } else if (STRPREFIX(key, "hostaddr=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(device= ) - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(device, data, len, sizeof(device)) =3D= =3D NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("device %s too big for destinatio= n"), @@ -1077,7 +1077,7 @@ xenParseXLChannel(virConfPtr conf, virDomainDefPtr de= f) data++; =20 if (STRPREFIX(key, "connection=3D")) { - int len =3D nextkey ? (nextkey - data) : sizeof(type) = - 1; + int len =3D nextkey ? (nextkey - data) : strlen(data); if (virStrncpy(type, data, len, sizeof(type)) =3D=3D N= ULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("connection %s too big"), data); --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
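Review bot: in the src/xenapi/xenapi_driver.c hunk (xenapiNodeGetInfo), the new strlen(modelname) runs on a pointer whose producer, xen_host_cpu_get_modelname(session, &modelname, host_cpu), has its return value ignored in the visible context, so a failed lookup that leaves modelname unset is now dereferenced before virStrncpy() is even called. Check the result of xen_host_cpu_get_modelname() (or modelname itself) before computing the length. Also, with the length clamped by MIN(strlen(modelname), LIBVIRT_MODELNAME_LEN - 1), the failure branch that follows no longer guards against an over-long name, and it still calls virReportOOMError(), which does not describe a copy failure; consider dropping the branch or reporting a more accurate error.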
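Review bot: in the src/xenconfig/xen_common.c hunks (xenParseVif), `int len = nextkey ? (nextkey - data) : strlen(data);` changes what happens to the last key of an entry, and the commit message does not mention it. With the old `sizeof(mac) - 1` style length, an over-long final value was copied up to the buffer size and silently truncated; with strlen(data) it reaches virStrncpy() at full length and takes the "too big for destination" error path. That matches how non-final keys (the nextkey - data case) are already handled, but it is a behaviour change for existing configs and should be stated in the commit message. The same lines also store a size_t from strlen() in an int; size_t len would avoid the mixed-type conditional.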
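Review bot: in the src/xenconfig/xen_xl.c hunk at -917 (xenParseXLUSBController), the `ports=` branch being edited copies into ports with virStrncpy(ports, data, len, sizeof(ports)) but still reports `_("version %s invalid")` on failure. Since the final-key case can now actually reach that error path with an over-long value, fix the message to name ports while touching this branch.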
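The two caller patterns this patch switches to, as an added example that is not libvirt code: copy_exact() is a hypothetical stand-in for the exact-copy semantics the commit message describes as the goal for virStrncpy(), and the helper names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#ifndef MIN
# define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif

/* Hypothetical stand-in (not virStrncpy itself): copy exactly n bytes and
 * terminate. Returns NULL when n bytes plus the terminator do not fit.
 * The caller must guarantee that src really holds at least n bytes. */
static char *copy_exact(char *dest, const char *src, size_t n, size_t destbytes)
{
    if (destbytes == 0 || n > destbytes - 1)
        return NULL;
    memcpy(dest, src, n);
    dest[n] = '\0';
    return dest;
}

/* Pattern 1: truncation is acceptable, so clamp the length to the buffer. */
static char *copy_truncating(char *dest, const char *src, size_t destbytes)
{
    if (destbytes == 0)
        return NULL;
    return copy_exact(dest, src, MIN(strlen(src), destbytes - 1), destbytes);
}

/* Pattern 2: one value of a "key=value,key=value" entry. It ends at next
 * (the following comma) or at the end of the string; an over-long value
 * is rejected instead of being silently cut. */
static char *copy_field(char *dest, const char *data, const char *next,
                        size_t destbytes)
{
    size_t len = next ? (size_t)(next - data) : strlen(data);
    return copy_exact(dest, data, len, destbytes);
}

int main(void)
{
    char owner[8], mac[8];
    const char *entry = "mac=00:16,bridge=br0";   /* constructed sample */
    const char *data = entry + 4, *next = strchr(data, ',');

    printf("%s\n", copy_truncating(owner, "a-very-long-vm-name", sizeof(owner)));
    printf("%s\n", copy_field(mac, data, next, sizeof(mac)));
    printf("%s\n", copy_field(mac, "00:16:3e:00:00:01", NULL, sizeof(mac))
                   ? "copied" : "rejected");
    return 0;
}
```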