subject:"\[Xen\-devel\] \[PATCH\] tools\/xenstored\: Check number of strings passed to do_control\(\)"

Re: [Xen-devel] [PATCH] tools/xenstored: Check number of strings passed to do_control()

2017-10-30 Thread Wei Liu

On Fri, Oct 27, 2017 at 04:32:15PM +, Pawel Wieczorkiewicz wrote: > It is possible to send a zero-string message body to xenstore's > XS_CONTROL handling function. Then the number of strings is used > for an array allocation. This leads to a crash in strcmp() in a > CONTROL sub-command

Re: [Xen-devel] [PATCH] tools/xenstored: Check number of strings passed to do_control()

2017-10-27 Thread Juergen Gross

On 27/10/17 18:32, Pawel Wieczorkiewicz wrote: > It is possible to send a zero-string message body to xenstore's > XS_CONTROL handling function. Then the number of strings is used > for an array allocation. This leads to a crash in strcmp() in a > CONTROL sub-command invocation loop. > The output

[Xen-devel] [PATCH] tools/xenstored: Check number of strings passed to do_control()

2017-10-27 Thread Pawel Wieczorkiewicz

It is possible to send a zero-string message body to xenstore's XS_CONTROL handling function. Then the number of strings is used for an array allocation. This leads to a crash in strcmp() in a CONTROL sub-command invocation loop. The output of xs_count_string() should be verified and all 0 or