External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

Fixes for commit 211dd1e9

Browse Source 
Fixes for issues in commit 211dd1e9 noted by by Jim Meyering.

1. Allocate content buffer of size content_length + 1 to ensure
   NUL-termination.
2. Limit content buffer size to 64k
3. Fix whitespace issue

V2:
  - Add comment to clarify allocation of content buffer
  - Add ATTRIBUTE_NONNULL where appropriate
  - User NULLSTR macro
This commit is contained in:
Jim Fehlig 2010-06-04 10:04:03 -06:00
parent fc6d5b2649
commit b1eb7f2e98
1 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/xen/xend_internal.c
View File

@ -68,6 +68,7 @@
# define XEND_CONFIG_MIN_VERS_PVFB_NEWCONF 3 # define XEND_CONFIG_MIN_VERS_PVFB_NEWCONF 3
#endif #endif
#define XEND_RCV_BUF_MAX_LEN 65536
#ifndef PROXY #ifndef PROXY
static int static int
@ -310,7 +311,7 @@ istartswith(const char *haystack, const char *needle)
* Returns the HTTP return code and @content is set to the * Returns the HTTP return code and @content is set to the
* allocated memory containing HTTP content. * allocated memory containing HTTP content.
*/ */
static int static int ATTRIBUTE_NONNULL (2)
xend_req(int fd, char **content) xend_req(int fd, char **content)
{ {
char buffer[4096]; char buffer[4096];
@ -330,7 +331,19 @@ xend_req(int fd, char **content)
if (content_length > 0) { if (content_length > 0) {
ssize_t ret; ssize_t ret;
if (VIR_ALLOC_N(*content, content_length) < 0 ) { if (content_length > XEND_RCV_BUF_MAX_LEN) {
virXendError(VIR_ERR_INTERNAL_ERROR,
_("Xend returned HTTP Content-Length of %d, "
"which exceeds maximum of %d"),
content_length,
XEND_RCV_BUF_MAX_LEN);
return -1;
}
/* Allocate one byte beyond the end of the largest buffer we will read.
Combined with the fact that VIR_ALLOC_N zeros the returned buffer,
this guarantees that "content" will always be NUL-terminated. */
if (VIR_ALLOC_N(*content, content_length + 1) < 0 ) {
virReportOOMError(); virReportOOMError();
return -1; return -1;
} }
@ -353,7 +366,7 @@ xend_req(int fd, char **content)
* *
* Returns the HTTP return code or -1 in case or error. * Returns the HTTP return code or -1 in case or error.
*/ */
static int static int ATTRIBUTE_NONNULL(3)
xend_get(virConnectPtr xend, const char *path, xend_get(virConnectPtr xend, const char *path,
char **content) char **content)
{ {
@ -379,8 +392,7 @@ xend_get(virConnectPtr xend, const char *path,
((ret != 404) || (!STRPREFIX(path, "/xend/domain/")))) { ((ret != 404) || (!STRPREFIX(path, "/xend/domain/")))) {
virXendError(VIR_ERR_GET_FAILED, virXendError(VIR_ERR_GET_FAILED,
_("%d status from xen daemon: %s:%s"), _("%d status from xen daemon: %s:%s"),
ret, path, ret, path, NULLSTR(*content));
content ? *content: "NULL");
} }
return ret; return ret;