Hi, sorry for splitting this into separate emails.
On Tue, 27 Dec 2022 11:58:34 +0900 (JST) YASUOKA Masahiko <yasu...@openbsd.org> wrote: >> @@ -1115,12 +1116,19 @@ xs_kvop(void *xsc, int op, char *key, char *value, >> size_t valuelen) >> } >> /* FALLTHROUGH */ >> case XS_LIST: >> - for (i = 0; i < iov_cnt; i++) { >> - if (i && strlcat(value, "\n", valuelen) >= valuelen) >> - break; >> - if (strlcat(value, iovp[i].iov_base, >> - valuelen) >= valuelen) >> + for (i = pos = 0; i < iov_cnt; i++) { >> + if (i) { > > this is come from the previous, but I prefer comparing with 0 > > + if (i > 0) { > >> + if (pos + 1 >= valuelen) { >> + error = ERANGE; >> + break; >> + } >> + value[pos++] = '\n'; >> + } >> + if (strlen(iovp[i].iov_base) >= valuelen) { >> + error = ERANGE; >> break; >> + } >> + pos += strlcat(&value[pos], iovp[i].iov_base, valuelen >> - pos); >> } >> xs_resfree(&xst, iovp, iov_cnt); >> break; > Also I don't think replacing strlcat() by an own calculation is necessary. diff --git a/sys/dev/pv/xenstore.c b/sys/dev/pv/xenstore.c index 494eb40bfb0..01ecebdf4af 100644 --- a/sys/dev/pv/xenstore.c +++ b/sys/dev/pv/xenstore.c @@ -1116,11 +1116,16 @@ xs_kvop(void *xsc, int op, char *key, char *value, size_t valuelen) /* FALLTHROUGH */ case XS_LIST: for (i = 0; i < iov_cnt; i++) { - if (i && strlcat(value, "\n", valuelen) >= valuelen) + if (i > 0 && strlcat(value, "\n", valuelen) >= + valuelen) { + error = ERANGE; break; + } if (strlcat(value, iovp[i].iov_base, - valuelen) >= valuelen) + valuelen) >= valuelen) { + error = ERANGE; break; + } } xs_resfree(&xst, iovp, iov_cnt); break; @@ -1128,5 +1133,5 @@ xs_kvop(void *xsc, int op, char *key, char *value, size_t valuelen) break; } - return (0); + return (error); }
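Review bot: In the XS_LIST loop of the unquoted patch, `strlcat(value, iovp[i].iov_base, valuelen)` measures its source with an unbounded scan, so it is only safe if every `iovp[i].iov_base` is NUL-terminated, which the hunk does not show. The list entries presumably originate from the xenstore reply, so if the code that fills `iovp` does not guarantee a terminator, the copy should be bounded by `iovp[i].iov_len` rather than relying on strlcat(). On the new ERANGE branches `value` is left holding a truncated, still NUL-terminated prefix; a comment such as `/* on ERANGE, value holds a truncated list and must not be used */` would make that contract explicit. The body of xs_kvop() starts outside the hunk, so whether `value` is cleared before the loop cannot be checked here.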
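Review bot: `return (error);` now propagates `error` from every path through the switch, not just the two new ERANGE branches, so `error` has to be 0 whenever none of them ran. Its declaration and earlier assignments are outside the hunk; if it is only set by an earlier call on some paths, initialise it at the declaration, e.g. `int error = 0;`. Callers of xs_kvop() that previously always got 0 after a successful command should be checked to confirm they treat ERANGE as a failure and do not parse the truncated `value`.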