debuggers.hg
changeset 22368:2795279e7533
libxl: Fix format string abuses / vulnerabilities
There are a few places where libxl__xs_write is passed a variable
value to write to xenstore, but the semantics are that the first char*
is a format string. So use "%s".
This fixes the following errors reported by some newer compilers:
libxl.c: In function "libxl_create_cpupool":
libxl.c:3981: error: format not a string literal and no format arguments
libxl.c:3983: error: format not a string literal and no format arguments
libxl.c: In function "libxl_cpupool_movedomain":
libxl.c:4095: error: format not a string literal and no format arguments
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Gianni Tedesco <gianni.tedesco@citrix.com>
There are a few places where libxl__xs_write is passed a variable
value to write to xenstore, but the semantics are that the first char*
is a format string. So use "%s".
This fixes the following errors reported by some newer compilers:
libxl.c: In function "libxl_create_cpupool":
libxl.c:3981: error: format not a string literal and no format arguments
libxl.c:3983: error: format not a string literal and no format arguments
libxl.c: In function "libxl_cpupool_movedomain":
libxl.c:4095: error: format not a string literal and no format arguments
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Gianni Tedesco <gianni.tedesco@citrix.com>
| author | Ian Jackson <Ian.Jackson@eu.citrix.com> |
|---|---|
| date | Thu Oct 28 12:05:45 2010 +0100 (2010-10-28) |
| parents | da9b1aa3c366 |
| children | 951222c08589 |
| files | tools/libxl/libxl.c |
line diff
1.1 --- a/tools/libxl/libxl.c Thu Oct 28 12:02:22 2010 +0100 1.2 +++ b/tools/libxl/libxl.c Thu Oct 28 12:05:45 2010 +0100 1.3 @@ -3978,10 +3978,12 @@ int libxl_create_cpupool(libxl_ctx *ctx, 1.4 t = xs_transaction_start(ctx->xsh); 1.5 1.6 xs_mkdir(ctx->xsh, t, libxl__sprintf(&gc, "/local/pool/%d", *poolid)); 1.7 - libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/uuid", *poolid), 1.8 - uuid_string); 1.9 - libxl__xs_write(&gc, t, libxl__sprintf(&gc, "/local/pool/%d/name", *poolid), 1.10 - name); 1.11 + libxl__xs_write(&gc, t, 1.12 + libxl__sprintf(&gc, "/local/pool/%d/uuid", *poolid), 1.13 + "%s", uuid_string); 1.14 + libxl__xs_write(&gc, t, 1.15 + libxl__sprintf(&gc, "/local/pool/%d/name", *poolid), 1.16 + "%s", name); 1.17 1.18 if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN)) 1.19 return 0; 1.20 @@ -4093,7 +4095,8 @@ int libxl_cpupool_movedomain(libxl_ctx * 1.21 if (!vm_path) 1.22 break; 1.23 1.24 - libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path), poolname); 1.25 + libxl__xs_write(&gc, t, libxl__sprintf(&gc, "%s/pool_name", vm_path), 1.26 + "%s", poolname); 1.27 1.28 if (xs_transaction_end(ctx->xsh, t, 0) || (errno != EAGAIN)) 1.29 break;