Hi,

Sorry for separating emails.

On Tue, 27 Dec 2022 11:58:34 +0900 (JST)
YASUOKA Masahiko <yasu...@openbsd.org> wrote:
>> @@ -1115,12 +1116,19 @@ xs_kvop(void *xsc, int op, char *key, char *value, 
>> size_t valuelen)
>>              }
>>              /* FALLTHROUGH */
>>      case XS_LIST:
>> -            for (i = 0; i < iov_cnt; i++) {
>> -                    if (i && strlcat(value, "\n", valuelen) >= valuelen)
>> -                            break;
>> -                    if (strlcat(value, iovp[i].iov_base,
>> -                        valuelen) >= valuelen)
>> +            for (i = pos = 0; i < iov_cnt; i++) {
>> +                    if (i) {
> 
> this comes from the previous code, but I prefer comparing with 0
> 
> +                     if (i > 0) {
> 
>> +                            if (pos + 1 >= valuelen) {
>> +                                    error = ERANGE;
>> +                                    break;
>> +                            }
>> +                            value[pos++] = '\n';
>> +                    }
>> +                    if (strlen(iovp[i].iov_base) >= valuelen) {
>> +                            error = ERANGE;
>>                              break;
>> +                    }
>> +                    pos += strlcat(&value[pos], iovp[i].iov_base, valuelen 
>> - pos);
>>              }
>>              xs_resfree(&xst, iovp, iov_cnt);
>>              break;
>

Also, I don't think it is necessary to replace strlcat() with our own length calculation.

diff --git a/sys/dev/pv/xenstore.c b/sys/dev/pv/xenstore.c
index 494eb40bfb0..01ecebdf4af 100644
--- a/sys/dev/pv/xenstore.c
+++ b/sys/dev/pv/xenstore.c
@@ -1116,11 +1116,16 @@ xs_kvop(void *xsc, int op, char *key, char *value, 
size_t valuelen)
                /* FALLTHROUGH */
        case XS_LIST:
                for (i = 0; i < iov_cnt; i++) {
-                       if (i && strlcat(value, "\n", valuelen) >= valuelen)
+                       if (i > 0 && strlcat(value, "\n", valuelen) >=
+                           valuelen) {
+                               error = ERANGE;
                                break;
+                       }
                        if (strlcat(value, iovp[i].iov_base,
-                           valuelen) >= valuelen)
+                           valuelen) >= valuelen) {
+                               error = ERANGE;
                                break;
+                       }
                }
                xs_resfree(&xst, iovp, iov_cnt);
                break;
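Review bot: On both new `ERANGE` paths, `value` is left holding a truncated, NUL-terminated prefix of the entries, so a caller that ignores the return value still sees a plausible but incomplete string. I would state the contract above the loop, for example `/* On ERANGE, value holds only a truncated prefix; callers must check the return value. */`. Both strlcat() calls also read `iovp[i].iov_base` up to the first NUL; whether each reply segment is guaranteed to be NUL-terminated is decided outside this hunk and is worth confirming, since that data presumably comes from the XenStore backend rather than from the guest itself. The `case` body and the rest of xs_kvop() start and end outside the hunk.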
@@ -1128,5 +1133,5 @@ xs_kvop(void *xsc, int op, char *key, char *value, size_t 
valuelen)
                break;
        }
 
-       return (0);
+       return (error);
 }
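Review bot: `return (error);` is only correct if `error` is zero on every successful path that reaches the end of xs_kvop(), and its declaration and the other switch cases are outside this hunk. That should be confirmed, for example that it is initialised at its declaration or assigned from the earlier command result. Because the function previously ended in `return (0);`, truncation was reported as success, so existing callers that pass a short buffer will now receive ERANGE and should be checked for how they handle a non-zero return.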
