External/libvirt
1
0
Fork 0
Code

Fixed buffer overflow in populating CPU<->VCPU mapping. Cleanup whitespace

Browse Source
This commit is contained in:
Daniel P. Berrange 2006-09-28 19:20:52 +00:00
parent 2cb26d70d6
commit 01ae3678f1
2 changed files with 53 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@ -1,3 +1,13 @@
Thu Sep 21 10:19:02 EDT 2006 Daniel Berrange <berrange@redhat.com>
* src/xend_internal.c: Check if the physical CPU will fit in the maplen
provided by the caller when populating VCPU<->CPU mapping. This is because
XenD will return data for 32 physical CPUs, even if the box only has 4
CPUs. The caller of course will only have allocated a map big enough for
the actual number of physical CPUs. We simply check against maplen param
supplied by caller & discard info about CPUs which don't fit. Also santise
whitespace.
Fri Sep 22 11:02:48 CEST 2006 Daniel Veillard <veillard@redhat.com> Fri Sep 22 11:02:48 CEST 2006 Daniel Veillard <veillard@redhat.com>
* docs/* libvirt.spec.in configure.in NEWS: preparing release of 0.1.6 * docs/* libvirt.spec.in configure.in NEWS: preparing release of 0.1.6

9
src/xend_internal.c
View File

@ -2680,7 +2680,7 @@ xenDaemonDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
memset(cpumaps, 0, maxinfo * maplen); memset(cpumaps, 0, maxinfo * maplen);
/* scan the sexprs from "(vcpu (number x)...)" and get parameter values */ /* scan the sexprs from "(vcpu (number x)...)" and get parameter values */
for (s = root; s->kind == SEXPR_CONS; s = s->cdr) for (s = root; s->kind == SEXPR_CONS; s = s->cdr) {
if ((s->car->kind == SEXPR_CONS) && if ((s->car->kind == SEXPR_CONS) &&
(s->car->car->kind == SEXPR_VALUE) && (s->car->car->kind == SEXPR_VALUE) &&
!strcmp(s->car->car->value, "vcpu")) { !strcmp(s->car->car->value, "vcpu")) {
@ -2690,7 +2690,8 @@ xenDaemonDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
if (sexpr_int(t, "vcpu/running")) ipt->state = VIR_VCPU_RUNNING; if (sexpr_int(t, "vcpu/running")) ipt->state = VIR_VCPU_RUNNING;
if (sexpr_int(t, "vcpu/blocked")) ipt->state = VIR_VCPU_BLOCKED; if (sexpr_int(t, "vcpu/blocked")) ipt->state = VIR_VCPU_BLOCKED;
} }
else ipt->state = VIR_VCPU_OFFLINE; else
ipt->state = VIR_VCPU_OFFLINE;
ipt->cpuTime = sexpr_float(t, "vcpu/cpu_time") * 1000000000; ipt->cpuTime = sexpr_float(t, "vcpu/cpu_time") * 1000000000;
ipt->cpu = oln ? sexpr_int(t, "vcpu/cpu") : -1; ipt->cpu = oln ? sexpr_int(t, "vcpu/cpu") : -1;
@ -2708,9 +2709,10 @@ xenDaemonDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
for (t = t->car->cdr->car; t->kind == SEXPR_CONS; t = t->cdr) for (t = t->car->cdr->car; t->kind == SEXPR_CONS; t = t->cdr)
if (t->car->kind == SEXPR_VALUE) { if (t->car->kind == SEXPR_VALUE) {
cpu = strtol(t->car->value, NULL, 0); cpu = strtol(t->car->value, NULL, 0);
if (cpu >= 0) if (cpu >= 0 && (VIR_CPU_MAPLEN(cpu+1) <= maplen)) {
VIR_USE_CPU(cpumap, cpu); VIR_USE_CPU(cpumap, cpu);
} }
}
break; break;
} }
} }
@ -2718,6 +2720,7 @@ xenDaemonDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
if (++nbinfo == maxinfo) break; if (++nbinfo == maxinfo) break;
ipt++; ipt++;
} }
}
sexpr_free(root); sexpr_free(root);
return(nbinfo); return(nbinfo);
} }