debuggers.hg
changeset 13697:b2c1eeee2dcf
Replace sprintf with snprintf and strncpy with strlcpy.
There are various cases where no NULL-terminated strings are
guaranteed and eventual possible overflows. This patch fixes them.
From: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
There are various cases where no NULL-terminated strings are
guaranteed and eventual possible overflows. This patch fixes them.
From: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
author | kfraser@localhost.localdomain |
---|---|
date | Mon Jan 29 10:52:17 2007 +0000 (2007-01-29) |
parents | f8ddcb758117 |
children | 5d9b72e640e0 |
files | xen/arch/x86/cpu/centaur.c xen/arch/x86/cpu/common.c xen/arch/x86/domain_build.c xen/arch/x86/hvm/intercept.c xen/arch/x86/oprofile/nmi_int.c xen/arch/x86/setup.c xen/arch/x86/time.c xen/common/gdbstub.c xen/common/kernel.c xen/common/keyhandler.c xen/common/libelf/libelf-dominfo.c xen/common/perfc.c xen/common/rangeset.c xen/common/symbols.c |
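--- a/xen/arch/x86/cpu/centaur.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/cpu/centaur.c Mon Jan 29 10:52:17 2007 +0000
@@ -437,7 +437,8 @@ static void __init init_centaur(struct c
 /* Add L1 data and code cache sizes. */
 c->x86_cache_size = (cc>>24)+(dd>>24);
 }
- sprintf( c->x86_model_id, "WinChip %s", name );
+ snprintf( c->x86_model_id, sizeof(c->x86_model_id),
+ "WinChip %s", name );
 break;
 
 case 6: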
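--- a/xen/arch/x86/cpu/common.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/cpu/common.c Mon Jan 29 10:52:17 2007 +0000
@@ -386,8 +386,8 @@ void __devinit identify_cpu(struct cpuin
 strcpy(c->x86_model_id, p);
 else
 /* Last resort... */
- sprintf(c->x86_model_id, "%02x/%02x",
- c->x86_vendor, c->x86_model);
+ snprintf(c->x86_model_id, sizeof(c->x86_model_id),
+ "%02x/%02x", c->x86_vendor, c->x86_model);
 }
 
 /* Now the feature flags better reflect actual CPU features! */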
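Review bot: The `strcpy(c->x86_model_id, p);` two lines above the converted call is still unbounded, so the model-id buffer is only protected on the last-resort branch. Where `p` comes from is outside the hunk; if it can ever be longer than the field, this copy overflows it. For consistency with the rest of the change I would write `strlcpy(c->x86_model_id, p, sizeof(c->x86_model_id));`. identify_cpu's body starts and ends outside the hunk.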
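--- a/xen/arch/x86/domain_build.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/domain_build.c Mon Jan 29 10:52:17 2007 +0000
@@ -821,7 +821,7 @@ int construct_dom0(struct domain *d,
 si->pt_base = vpt_start + 2 * PAGE_SIZE * !!IS_COMPAT(d);
 si->nr_pt_frames = nr_pt_pages;
 si->mfn_list = vphysmap_start;
- sprintf(si->magic, "xen-%i.%i-x86_%d%s",
+ snprintf(si->magic, sizeof(si->magic), "xen-%i.%i-x86_%d%s",
 xen_major_version(), xen_minor_version(),
 elf_64bit(&elf) ? 64 : 32,
 parms.pae ? "p" : "");
@@ -871,7 +871,7 @@ int construct_dom0(struct domain *d,
 
 memset(si->cmd_line, 0, sizeof(si->cmd_line));
 if ( cmdline != NULL )
- strncpy((char *)si->cmd_line, cmdline, sizeof(si->cmd_line)-1);
+ strlcpy((char *)si->cmd_line, cmdline, sizeof(si->cmd_line));
 
 if ( fill_console_start_info((void *)(si + 1)) )
 {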
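--- a/xen/arch/x86/hvm/intercept.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/hvm/intercept.c Mon Jan 29 10:52:17 2007 +0000
@@ -173,7 +173,7 @@ int hvm_register_savevm(struct domain *d
 return -1;
 }
 
- strncpy(se->idstr, idstr, HVM_SE_IDSTR_LEN);
+ strlcpy(se->idstr, idstr, HVM_SE_IDSTR_LEN);
 
 se->instance_id = instance_id;
 se->version_id = version_id;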
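--- a/xen/arch/x86/oprofile/nmi_int.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/oprofile/nmi_int.c Mon Jan 29 10:52:17 2007 +0000
@@ -22,6 +22,7 @@
 #include <asm/regs.h>
 #include <asm/current.h>
 #include <xen/delay.h>
+#include <xen/string.h>
 
 #include "op_counter.h"
 #include "op_x86_model.h"
@@ -39,7 +40,6 @@ extern int is_active(struct domain *d);
 extern int active_id(struct domain *d);
 extern int is_profiled(struct domain *d);
 
-extern size_t strlcpy(char *dest, const char *src, size_t size);
 
 
 static int nmi_callback(struct cpu_user_regs *regs, int cpu)
@@ -276,20 +276,20 @@ static int __init p4_init(char * cpu_typ
 }
 
 #ifndef CONFIG_SMP
- strncpy (cpu_type, "i386/p4", XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/p4", XENOPROF_CPU_TYPE_SIZE);
 model = &op_p4_spec;
 return 1;
 #else
 switch (smp_num_siblings) {
 case 1:
- strncpy (cpu_type, "i386/p4",
- XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/p4",
+ XENOPROF_CPU_TYPE_SIZE);
 model = &op_p4_spec;
 return 1;
 
 case 2:
- strncpy (cpu_type, "i386/p4-ht",
- XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/p4-ht",
+ XENOPROF_CPU_TYPE_SIZE);
 model = &op_p4_ht2_spec;
 return 1;
 }
@@ -311,17 +311,17 @@ static int __init ppro_init(char *cpu_ty
 return 0;
 }
 else if (cpu_model == 15)
- strncpy (cpu_type, "i386/core_2", XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/core_2", XENOPROF_CPU_TYPE_SIZE);
 else if (cpu_model == 14)
- strncpy (cpu_type, "i386/core", XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/core", XENOPROF_CPU_TYPE_SIZE);
 else if (cpu_model == 9)
- strncpy (cpu_type, "i386/p6_mobile", XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/p6_mobile", XENOPROF_CPU_TYPE_SIZE);
 else if (cpu_model > 5)
- strncpy (cpu_type, "i386/piii", XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/piii", XENOPROF_CPU_TYPE_SIZE);
 else if (cpu_model > 2)
- strncpy (cpu_type, "i386/pii", XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/pii", XENOPROF_CPU_TYPE_SIZE);
 else
- strncpy (cpu_type, "i386/ppro", XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/ppro", XENOPROF_CPU_TYPE_SIZE);
 
 model = &op_ppro_spec;
 return 1;
@@ -346,9 +346,6 @@ int nmi_init(int *num_events, int *is_pr
 }
 }
 
- /* Make sure string is NULL terminated */
- cpu_type[XENOPROF_CPU_TYPE_SIZE - 1] = 0;
-
 switch (vendor) {
 case X86_VENDOR_AMD:
 /* Needs to be at least an Athlon (or hammer in 32bit mode) */
@@ -361,15 +358,15 @@ int nmi_init(int *num_events, int *is_pr
 return -ENODEV;
 case 6:
 model = &op_athlon_spec;
- strncpy (cpu_type, "i386/athlon",
- XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "i386/athlon",
+ XENOPROF_CPU_TYPE_SIZE);
 break;
 case 0xf:
 model = &op_athlon_spec;
 /* Actually it could be i386/hammer too, but give
 user space an consistent name. */
- strncpy (cpu_type, "x86-64/hammer",
- XENOPROF_CPU_TYPE_SIZE - 1);
+ strlcpy (cpu_type, "x86-64/hammer",
+ XENOPROF_CPU_TYPE_SIZE);
 break;
 }
 break;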
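--- a/xen/arch/x86/setup.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/setup.c Mon Jan 29 10:52:17 2007 +0000
@@ -111,8 +111,7 @@ char acpi_param[10] = "";
 static void parse_acpi_param(char *s)
 {
 /* Save the parameter so it can be propagated to domain0. */
- strncpy(acpi_param, s, sizeof(acpi_param));
- acpi_param[sizeof(acpi_param)-1] = '\0';
+ strlcpy(acpi_param, s, sizeof(acpi_param));
 
 /* Interpret the parameter for use within Xen. */
 if ( !strcmp(s, "off") )
@@ -804,35 +803,57 @@ void __init __start_xen(multiboot_info_t
 void arch_get_xen_caps(xen_capabilities_info_t info)
 {
 char *p = info;
+ int i = 0;
 int major = xen_major_version();
 int minor = xen_minor_version();
 
 #if defined(CONFIG_X86_32) && !defined(CONFIG_X86_PAE)
 
- p += sprintf(p, "xen-%d.%d-x86_32 ", major, minor);
- if ( hvm_enabled )
- p += sprintf(p, "hvm-%d.%d-x86_32 ", major, minor);
+ i = snprintf(p, sizeof(xen_capabilities_info_t),
+ "xen-%d.%d-x86_32 ", major, minor);
+ p += i;
+ if ( hvm_enabled ) {
+ i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+ "hvm-%d.%d-x86_32 ", major, minor);
+ p += i;
+ }
 
 #elif defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
 
- p += sprintf(p, "xen-%d.%d-x86_32p ", major, minor);
+ i = snprintf(p, sizeof(xen_capabilities_info_t),
+ "xen-%d.%d-x86_32p ", major, minor);
+ p += i;
 if ( hvm_enabled )
 {
- p += sprintf(p, "hvm-%d.%d-x86_32 ", major, minor);
- p += sprintf(p, "hvm-%d.%d-x86_32p ", major, minor);
+ i = snprintf(p, sizeof(xen_capabilities_info_t),
+ "hvm-%d.%d-x86_32 ", major, minor);
+ p += i;
+ i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+ "hvm-%d.%d-x86_32p ", major, minor);
+ p += i;
 }
 
 #elif defined(CONFIG_X86_64)
 
- p += sprintf(p, "xen-%d.%d-x86_64 ", major, minor);
+ i = snprintf(p, sizeof(xen_capabilities_info_t),
+ "xen-%d.%d-x86_64 ", major, minor);
+ p += i;
 #ifdef CONFIG_COMPAT
- p += sprintf(p, "xen-%d.%d-x86_32p ", major, minor);
+ i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+ "xen-%d.%d-x86_32p ", major, minor);
+ p += i;
 #endif
 if ( hvm_enabled )
 {
- p += sprintf(p, "hvm-%d.%d-x86_32 ", major, minor);
- p += sprintf(p, "hvm-%d.%d-x86_32p ", major, minor);
- p += sprintf(p, "hvm-%d.%d-x86_64 ", major, minor);
+ i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+ "hvm-%d.%d-x86_32 ", major, minor);
+ p += i;
+ i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+ "hvm-%d.%d-x86_32p ", major, minor);
+ p += i;
+ i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+ "hvm-%d.%d-x86_64 ", major, minor);
+ p += i;
 }
 
 #else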
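Review bot: The size passed to the chained snprintf() calls in arch_get_xen_caps is not the space left in `info`: `i` holds only the length of the previous write, so `sizeof(xen_capabilities_info_t) - i` overstates the remainder once `p` has advanced more than once, and the second call in the PAE branch passes the full `sizeof` with `p` already moved. If Xen's snprintf returns the would-be length on truncation (its implementation is not visible here), `p += i` can also step past the end of the buffer. The bound should be derived from the pointer, e.g. `i = snprintf(p, sizeof(xen_capabilities_info_t) - (p - info), ...);`, and appending should stop once `i` is not smaller than that bound. The function continues past the `#else` at the end of the hunk.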
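--- a/xen/arch/x86/time.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/time.c Mon Jan 29 10:52:17 2007 +0000
@@ -274,7 +274,7 @@ static char *freq_string(u64 freq)
 unsigned int x, y;
 y = (unsigned int)do_div(freq, 1000000) / 1000;
 x = (unsigned int)freq;
- sprintf(s, "%u.%03uMHz", x, y);
+ snprintf(s, sizeof(s), "%u.%03uMHz", x, y);
 return s;
 }
 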
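Review bot: `sizeof(s)` is the right bound only if `s` is an array in this scope, and its declaration is outside the hunk. Since freq_string returns `s`, it is presumably a static buffer, but if it were a `char *` the bound would silently become the pointer size and truncate the frequency string. Worth confirming at the declaration, and a short comment there such as `/* snprintf() below relies on sizeof(s): keep this an array */` would protect the bound against later refactoring.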
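--- a/xen/common/gdbstub.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/gdbstub.c Mon Jan 29 10:52:17 2007 +0000
@@ -268,7 +268,7 @@ gdb_send_packet(struct gdb_context *ctx)
 char buf[3];
 int count;
 
- sprintf(buf, "%.02x\n", ctx->out_csum);
+ snprintf(buf, sizeof(buf), "%.02x\n", ctx->out_csum);
 
 gdb_write_to_packet_char('#', ctx);
 gdb_write_to_packet(buf, 2, ctx);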
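Review bot: The format `"%.02x\n"` still asks for three characters plus the terminator while `buf` is `char buf[3]`, so the call now relies on snprintf silently dropping the newline. Only two bytes are sent (`gdb_write_to_packet(buf, 2, ctx)`), so the newline was never needed; I would make the format match the buffer with `snprintf(buf, sizeof(buf), "%02x", ctx->out_csum);`. If `out_csum` is wider than eight bits (its type is not visible here), truncation would keep the high digits rather than the low ones, so masking the argument with `& 0xff` would be safer. gdb_send_packet continues outside the hunk.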
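--- a/xen/common/kernel.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/kernel.c Mon Jan 29 10:52:17 2007 +0000
@@ -72,8 +72,7 @@ void cmdline_parse(char *cmdline)
 switch ( param->type )
 {
 case OPT_STR:
- strncpy(param->var, optval, param->len);
- ((char *)param->var)[param->len-1] = '\0';
+ strlcpy(param->var, optval, param->len);
 break;
 case OPT_UINT:
 *(unsigned int *)param->var =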
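--- a/xen/common/keyhandler.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/keyhandler.c Mon Jan 29 10:52:17 2007 +0000
@@ -67,7 +67,7 @@ void register_keyhandler(
 ASSERT(key_table[key].u.handler == NULL);
 key_table[key].u.handler = handler;
 key_table[key].flags = 0;
- strncpy(key_table[key].desc, desc, STR_MAX);
+ strlcpy(key_table[key].desc, desc, STR_MAX);
 key_table[key].desc[STR_MAX-1] = '\0';
 }
 
@@ -77,8 +77,7 @@ void register_irq_keyhandler(
 ASSERT(key_table[key].u.irq_handler == NULL);
 key_table[key].u.irq_handler = handler;
 key_table[key].flags = KEYHANDLER_IRQ_CALLBACK;
- strncpy(key_table[key].desc, desc, STR_MAX);
- key_table[key].desc[STR_MAX-1] = '\0';
+ strlcpy(key_table[key].desc, desc, STR_MAX);
 }
 
 static void show_handlers(unsigned char key)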
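Review bot: register_keyhandler keeps `key_table[key].desc[STR_MAX-1] = '\0';` after the new strlcpy, while register_irq_keyhandler drops the same line. strlcpy already terminates within STR_MAX, so the leftover line is redundant and makes the two functions read differently. I would delete it in the first hunk as well.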
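--- a/xen/common/libelf/libelf-dominfo.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/libelf/libelf-dominfo.c Mon Jan 29 10:52:17 2007 +0000
@@ -128,16 +128,16 @@ int elf_xen_parse_note(struct elf_binary
 switch (type)
 {
 case XEN_ELFNOTE_LOADER:
- strncpy(parms->loader, str, sizeof(parms->loader));
+ strlcpy(parms->loader, str, sizeof(parms->loader));
 break;
 case XEN_ELFNOTE_GUEST_OS:
- strncpy(parms->guest_os, str, sizeof(parms->guest_os));
+ strlcpy(parms->guest_os, str, sizeof(parms->guest_os));
 break;
 case XEN_ELFNOTE_GUEST_VERSION:
- strncpy(parms->guest_ver, str, sizeof(parms->guest_ver));
+ strlcpy(parms->guest_ver, str, sizeof(parms->guest_ver));
 break;
 case XEN_ELFNOTE_XEN_VERSION:
- strncpy(parms->xen_ver, str, sizeof(parms->xen_ver));
+ strlcpy(parms->xen_ver, str, sizeof(parms->xen_ver));
 break;
 case XEN_ELFNOTE_PAE_MODE:
 if (0 == strcmp(str, "yes"))
@@ -224,13 +224,13 @@ int elf_xen_parse_guest_info(struct elf_
 
 /* strings */
 if (0 == strcmp(name, "LOADER"))
- strncpy(parms->loader, value, sizeof(parms->loader));
+ strlcpy(parms->loader, value, sizeof(parms->loader));
 if (0 == strcmp(name, "GUEST_OS"))
- strncpy(parms->guest_os, value, sizeof(parms->guest_os));
+ strlcpy(parms->guest_os, value, sizeof(parms->guest_os));
 if (0 == strcmp(name, "GUEST_VER"))
- strncpy(parms->guest_ver, value, sizeof(parms->guest_ver));
+ strlcpy(parms->guest_ver, value, sizeof(parms->guest_ver));
 if (0 == strcmp(name, "XEN_VER"))
- strncpy(parms->xen_ver, value, sizeof(parms->xen_ver));
+ strlcpy(parms->xen_ver, value, sizeof(parms->xen_ver));
 if (0 == strcmp(name, "PAE"))
 {
 if (0 == strcmp(value, "yes[extended-cr3]"))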
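--- a/xen/common/perfc.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/perfc.c Mon Jan 29 10:52:17 2007 +0000
@@ -148,9 +148,8 @@ static int perfc_copy_info(XEN_GUEST_HAN
 {
 for ( i = 0; i < NR_PERFCTRS; i++ )
 {
- strncpy(perfc_d[i].name, perfc_info[i].name,
+ strlcpy(perfc_d[i].name, perfc_info[i].name,
 sizeof(perfc_d[i].name));
- perfc_d[i].name[sizeof(perfc_d[i].name)-1] = '\0';
 
 switch ( perfc_info[i].type )
 {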
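Review bot: Replacing strncpy here also drops its zero-padding, because strlcpy leaves the bytes of `perfc_d[i].name` after the terminator untouched. perfc_copy_info takes a guest handle, so if `perfc_d` is later copied out to the guest and is not zeroed when allocated (both outside the hunk), the tail of each name field would carry stale hypervisor memory. Either clear the descriptor array before the loop or restore the padding explicitly with `memset(perfc_d[i].name, 0, sizeof(perfc_d[i].name));` ahead of the strlcpy. The same loss of padding is worth checking for the other strncpy-to-strlcpy conversions in this changeset wherever the destination later leaves the hypervisor.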
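--- a/xen/common/rangeset.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/rangeset.c Mon Jan 29 10:52:17 2007 +0000
@@ -283,12 +283,11 @@ struct rangeset *rangeset_new(
 
 if ( name != NULL )
 {
- strncpy(r->name, name, sizeof(r->name));
- r->name[sizeof(r->name)-1] = '\0';
+ strlcpy(r->name, name, sizeof(r->name));
 }
 else
 {
- sprintf(r->name, "(no name)");
+ snprintf(r->name, sizeof(r->name), "(no name)");
 }
 
 if ( (r->domain = d) != NULL )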
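--- a/xen/common/symbols.c Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/symbols.c Mon Jan 29 10:52:17 2007 +0000
@@ -142,15 +142,17 @@ void __print_symbol(const char *fmt, uns
 const char *name;
 unsigned long offset, size;
 char namebuf[KSYM_NAME_LEN+1];
- char buffer[sizeof("%s+%#lx/%#lx [%s]") + KSYM_NAME_LEN +
- 2*(BITS_PER_LONG*3/10) + 1];
+
+#define BUFFER_SIZE sizeof("%s+%#lx/%#lx [%s]") + KSYM_NAME_LEN + \
+ 2*(BITS_PER_LONG*3/10) + 1
+ char buffer[BUFFER_SIZE];
 
 name = symbols_lookup(address, &size, &offset, namebuf);
 
 if (!name)
- sprintf(buffer, "???");
+ snprintf(buffer, BUFFER_SIZE, "???");
 else
- sprintf(buffer, "%s+%#lx/%#lx", name, offset, size);
+ snprintf(buffer, BUFFER_SIZE, "%s+%#lx/%#lx", name, offset, size);
 
 printk(fmt, buffer);
 }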
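Review bot: `BUFFER_SIZE` expands to an unparenthesised sum, so any later use inside a larger expression such as `BUFFER_SIZE * 2` would bind incorrectly, and the macro is defined inside __print_symbol without an `#undef`. Because `buffer` is a real array in this scope, the macro is not needed: keep the original declaration and bound the calls with `snprintf(buffer, sizeof(buffer), "%s+%#lx/%#lx", name, offset, size);`. If the macro stays, wrap its body in parentheses.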