debuggers.hg

changeset 22368:2795279e7533

libxl: Fix format string abuses / vulnerabilities

There are a few places where libxl__xs_write is passed a variable
value to write to xenstore, but the semantics are that the first char*
is a format string. So use "%s".

This fixes the following errors reported by some newer compilers:
libxl.c: In function "libxl_create_cpupool":
libxl.c:3981: error: format not a string literal and no format arguments
libxl.c:3983: error: format not a string literal and no format arguments
libxl.c: In function "libxl_cpupool_movedomain":
libxl.c:4095: error: format not a string literal and no format arguments

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Gianni Tedesco <gianni.tedesco@citrix.com>
author Ian Jackson <Ian.Jackson@eu.citrix.com>
date Thu Oct 28 12:05:45 2010 +0100 (2010-10-28)
parents da9b1aa3c366
children 951222c08589
files tools/libxl/libxl.c
line diff
     1.1 --- a/tools/libxl/libxl.c	Thu Oct 28 12:02:22 2010 +0100
     1.2 +++ b/tools/libxl/libxl.c	Thu Oct 28 12:05:45 2010 +0100
     1.3 @@ -3978,10 +3978,12 @@ int libxl_create_cpupool(libxl_ctx *ctx,
     1.4          t = xs_transaction_start(ctx->xsh);
     1.5  
     1.6          xs_mkdir(ctx->xsh, t, libxl__sprintf(&gc, "/local/pool/%d", *poolid));
     1.7 -        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/uuid", *poolid),
     1.8 -                 uuid_string);
     1.9 -        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/name", *poolid),
    1.10 -                 name);
    1.11 +        libxl__xs_write(&gc, t,
    1.12 +                        libxl__sprintf(&gc, "/local/pool/%d/uuid", *poolid),
    1.13 +                        "%s", uuid_string);
    1.14 +        libxl__xs_write(&gc, t,
    1.15 +                        libxl__sprintf(&gc, "/local/pool/%d/name", *poolid),
    1.16 +                        "%s", name);
    1.17  
    1.18          if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN))
    1.19              return 0;
    1.20 @@ -4093,7 +4095,8 @@ int libxl_cpupool_movedomain(libxl_ctx *
    1.21          if (!vm_path)
    1.22              break;
    1.23  
    1.24 -        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path), poolname);
    1.25 +        libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path),
    1.26 +                        "%s", poolname);
    1.27  
    1.28          if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN))
    1.29              break;