ia64/xen-unstable

changeset 13685:b2c1eeee2dcf

Replace sprintf with snprintf and strncpy with strlcpy.

There are various places where NUL-termination of strings is not
guaranteed and where overflows are possible. This patch fixes them.

From: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Mon Jan 29 10:52:17 2007 +0000 (2007-01-29)
parents f8ddcb758117
children 5d9b72e640e0
files xen/arch/x86/cpu/centaur.c xen/arch/x86/cpu/common.c xen/arch/x86/domain_build.c xen/arch/x86/hvm/intercept.c xen/arch/x86/oprofile/nmi_int.c xen/arch/x86/setup.c xen/arch/x86/time.c xen/common/gdbstub.c xen/common/kernel.c xen/common/keyhandler.c xen/common/libelf/libelf-dominfo.c xen/common/perfc.c xen/common/rangeset.c xen/common/symbols.c
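--- a/xen/arch/x86/cpu/centaur.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/cpu/centaur.c	Mon Jan 29 10:52:17 2007 +0000
@@ -437,7 +437,8 @@ static void __init init_centaur(struct c
 				/* Add L1 data and code cache sizes. */
 				c->x86_cache_size = (cc>>24)+(dd>>24);
 			}
-			sprintf( c->x86_model_id, "WinChip %s", name );
+			snprintf( c->x86_model_id, sizeof(c->x86_model_id),
+				"WinChip %s", name );
 			break;
 
 		case 6: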
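--- a/xen/arch/x86/cpu/common.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/cpu/common.c	Mon Jan 29 10:52:17 2007 +0000
@@ -386,8 +386,8 @@ void __devinit identify_cpu(struct cpuin
 			strcpy(c->x86_model_id, p);
 		else
 			/* Last resort... */
-			sprintf(c->x86_model_id, "%02x/%02x",
-				c->x86_vendor, c->x86_model);
+			snprintf(c->x86_model_id, sizeof(c->x86_model_id),
+				"%02x/%02x", c->x86_vendor, c->x86_model);
 	}
 
 	/* Now the feature flags better reflect actual CPU features! */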
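Review bot: The `strcpy(c->x86_model_id, p)` kept as context at the top of this hunk is still unbounded, so only the last-resort branch of the if/else is protected by the change. Where `p` comes from is outside the hunk and it may well be a fixed table string, but bounding it costs nothing: `strlcpy(c->x86_model_id, p, sizeof(c->x86_model_id));`. identify_cpu starts and ends outside the hunk.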
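--- a/xen/arch/x86/domain_build.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/domain_build.c	Mon Jan 29 10:52:17 2007 +0000
@@ -821,7 +821,7 @@ int construct_dom0(struct domain *d,
     si->pt_base      = vpt_start + 2 * PAGE_SIZE * !!IS_COMPAT(d);
     si->nr_pt_frames = nr_pt_pages;
     si->mfn_list     = vphysmap_start;
-    sprintf(si->magic, "xen-%i.%i-x86_%d%s",
+    snprintf(si->magic, sizeof(si->magic), "xen-%i.%i-x86_%d%s",
             xen_major_version(), xen_minor_version(),
             elf_64bit(&elf) ? 64 : 32,
             parms.pae ? "p" : "");
@@ -871,7 +871,7 @@ int construct_dom0(struct domain *d,
 
     memset(si->cmd_line, 0, sizeof(si->cmd_line));
     if ( cmdline != NULL )
-        strncpy((char *)si->cmd_line, cmdline, sizeof(si->cmd_line)-1);
+        strlcpy((char *)si->cmd_line, cmdline, sizeof(si->cmd_line));
 
     if ( fill_console_start_info((void *)(si + 1)) )
     {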
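Review bot: Truncation is silent in both hunks: the `snprintf` into `si->magic` and the `strlcpy` into `si->cmd_line` discard their return values, so a dom0 command line longer than the field loses its trailing options without any trace. strlcpy conventionally returns the source length, so `if ( strlcpy((char *)si->cmd_line, cmdline, sizeof(si->cmd_line)) >= sizeof(si->cmd_line) )` followed by a `printk` warning would make the loss visible. The same unchecked pattern appears in parse_acpi_param (setup.c) and in the OPT_STR case of cmdline_parse (kernel.c). construct_dom0 continues outside both hunks.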
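--- a/xen/arch/x86/hvm/intercept.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/hvm/intercept.c	Mon Jan 29 10:52:17 2007 +0000
@@ -173,7 +173,7 @@ int hvm_register_savevm(struct domain *d
         return -1;
     }
 
-    strncpy(se->idstr, idstr, HVM_SE_IDSTR_LEN);
+    strlcpy(se->idstr, idstr, HVM_SE_IDSTR_LEN);
 
     se->instance_id = instance_id;
     se->version_id = version_id;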
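Review bot: The bound given to `strlcpy` is the macro `HVM_SE_IDSTR_LEN` rather than the destination object, so the call is correct only while `se->idstr` is declared with exactly that size; the declaration is not visible here. If it is an array, `strlcpy(se->idstr, idstr, sizeof(se->idstr));` ties the bound to the object, as most other files in this changeset do. The same macro-as-bound pattern applies to `cpu_type` in nmi_int.c, where the destination is a bare `char *` parameter. An id of exactly HVM_SE_IDSTR_LEN characters is now shortened by one, which may matter if lookups elsewhere compare the full length.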
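--- a/xen/arch/x86/oprofile/nmi_int.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/oprofile/nmi_int.c	Mon Jan 29 10:52:17 2007 +0000
@@ -22,6 +22,7 @@
 #include <asm/regs.h>
 #include <asm/current.h>
 #include <xen/delay.h>
+#include <xen/string.h>
  
 #include "op_counter.h"
 #include "op_x86_model.h"
@@ -39,7 +40,6 @@ extern int is_active(struct domain *d);
 extern int active_id(struct domain *d);
 extern int is_profiled(struct domain *d);
 
-extern size_t strlcpy(char *dest, const char *src, size_t size);
 
 
 static int nmi_callback(struct cpu_user_regs *regs, int cpu)
@@ -276,20 +276,20 @@ static int __init p4_init(char * cpu_typ
 	}
 
 #ifndef CONFIG_SMP
-	strncpy (cpu_type, "i386/p4", XENOPROF_CPU_TYPE_SIZE - 1);
+	strlcpy (cpu_type, "i386/p4", XENOPROF_CPU_TYPE_SIZE);
 	model = &op_p4_spec;
 	return 1;
 #else
 	switch (smp_num_siblings) {
 		case 1:
-			strncpy (cpu_type, "i386/p4", 
-				 XENOPROF_CPU_TYPE_SIZE - 1);
+			strlcpy (cpu_type, "i386/p4", 
+				 XENOPROF_CPU_TYPE_SIZE);
 			model = &op_p4_spec;
 			return 1;
 
 		case 2:
-			strncpy (cpu_type, "i386/p4-ht", 
-				 XENOPROF_CPU_TYPE_SIZE - 1);
+			strlcpy (cpu_type, "i386/p4-ht", 
+				 XENOPROF_CPU_TYPE_SIZE);
 			model = &op_p4_ht2_spec;
 			return 1;
 	}
@@ -311,17 +311,17 @@ static int __init ppro_init(char *cpu_ty
 		return 0;
 	}
 	else if (cpu_model == 15)
-		strncpy (cpu_type, "i386/core_2", XENOPROF_CPU_TYPE_SIZE - 1);
+		strlcpy (cpu_type, "i386/core_2", XENOPROF_CPU_TYPE_SIZE);
 	else if (cpu_model == 14)
-		strncpy (cpu_type, "i386/core", XENOPROF_CPU_TYPE_SIZE - 1);
+		strlcpy (cpu_type, "i386/core", XENOPROF_CPU_TYPE_SIZE);
 	else if (cpu_model == 9)
-		strncpy (cpu_type, "i386/p6_mobile", XENOPROF_CPU_TYPE_SIZE - 1);
+		strlcpy (cpu_type, "i386/p6_mobile", XENOPROF_CPU_TYPE_SIZE);
 	else if (cpu_model > 5)
-		strncpy (cpu_type, "i386/piii", XENOPROF_CPU_TYPE_SIZE - 1);
+		strlcpy (cpu_type, "i386/piii", XENOPROF_CPU_TYPE_SIZE);
 	else if (cpu_model > 2)
-		strncpy (cpu_type, "i386/pii", XENOPROF_CPU_TYPE_SIZE - 1);
+		strlcpy (cpu_type, "i386/pii", XENOPROF_CPU_TYPE_SIZE);
 	else
-		strncpy (cpu_type, "i386/ppro", XENOPROF_CPU_TYPE_SIZE - 1);
+		strlcpy (cpu_type, "i386/ppro", XENOPROF_CPU_TYPE_SIZE);
 
 	model = &op_ppro_spec;
 	return 1;
@@ -346,9 +346,6 @@ int nmi_init(int *num_events, int *is_pr
 		}
 	}
  
-	/* Make sure string is NULL terminated */
-	cpu_type[XENOPROF_CPU_TYPE_SIZE - 1] = 0;
-
 	switch (vendor) {
 		case X86_VENDOR_AMD:
 			/* Needs to be at least an Athlon (or hammer in 32bit mode) */
@@ -361,15 +358,15 @@ int nmi_init(int *num_events, int *is_pr
 				return -ENODEV;
 			case 6:
 				model = &op_athlon_spec;
-				strncpy (cpu_type, "i386/athlon", 
-					 XENOPROF_CPU_TYPE_SIZE - 1);
+				strlcpy (cpu_type, "i386/athlon", 
+					 XENOPROF_CPU_TYPE_SIZE);
 				break;
 			case 0xf:
 				model = &op_athlon_spec;
 				/* Actually it could be i386/hammer too, but give
 				   user space an consistent name. */
-				strncpy (cpu_type, "x86-64/hammer", 
-					 XENOPROF_CPU_TYPE_SIZE - 1);
+				strlcpy (cpu_type, "x86-64/hammer", 
+					 XENOPROF_CPU_TYPE_SIZE);
 				break;
 			}
 			break;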
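--- a/xen/arch/x86/setup.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/setup.c	Mon Jan 29 10:52:17 2007 +0000
@@ -111,8 +111,7 @@ char acpi_param[10] = "";
 static void parse_acpi_param(char *s)
 {
     /* Save the parameter so it can be propagated to domain0. */
-    strncpy(acpi_param, s, sizeof(acpi_param));
-    acpi_param[sizeof(acpi_param)-1] = '\0';
+    strlcpy(acpi_param, s, sizeof(acpi_param));
 
     /* Interpret the parameter for use within Xen. */
     if ( !strcmp(s, "off") )
@@ -804,35 +803,57 @@ void __init __start_xen(multiboot_info_t
 void arch_get_xen_caps(xen_capabilities_info_t info)
 {
     char *p = info;
+    int i = 0;
     int major = xen_major_version();
     int minor = xen_minor_version();
 
 #if defined(CONFIG_X86_32) && !defined(CONFIG_X86_PAE)
 
-    p += sprintf(p, "xen-%d.%d-x86_32 ", major, minor);
-    if ( hvm_enabled )
-        p += sprintf(p, "hvm-%d.%d-x86_32 ", major, minor);
+    i = snprintf(p, sizeof(xen_capabilities_info_t),
+                 "xen-%d.%d-x86_32 ", major, minor);
+    p += i;
+    if ( hvm_enabled ) {
+        i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+		"hvm-%d.%d-x86_32 ", major, minor);
+	p += i;
+    }
 
 #elif defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
 
-    p += sprintf(p, "xen-%d.%d-x86_32p ", major, minor);
+    i = snprintf(p, sizeof(xen_capabilities_info_t),
+                 "xen-%d.%d-x86_32p ", major, minor);
+    p += i;
     if ( hvm_enabled )
     {
-        p += sprintf(p, "hvm-%d.%d-x86_32 ", major, minor);
-        p += sprintf(p, "hvm-%d.%d-x86_32p ", major, minor);
+        i = snprintf(p, sizeof(xen_capabilities_info_t),
+                     "hvm-%d.%d-x86_32 ", major, minor);
+        p += i;
+        i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+                     "hvm-%d.%d-x86_32p ", major, minor);
+        p += i;
     }
 
 #elif defined(CONFIG_X86_64)
 
-    p += sprintf(p, "xen-%d.%d-x86_64 ", major, minor);
+    i = snprintf(p, sizeof(xen_capabilities_info_t),
+                 "xen-%d.%d-x86_64 ", major, minor);
+    p += i;
 #ifdef CONFIG_COMPAT
-    p += sprintf(p, "xen-%d.%d-x86_32p ", major, minor);
+    i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+                "xen-%d.%d-x86_32p ", major, minor);
+    p += i;
 #endif
     if ( hvm_enabled )
     {
-        p += sprintf(p, "hvm-%d.%d-x86_32 ", major, minor);
-        p += sprintf(p, "hvm-%d.%d-x86_32p ", major, minor);
-        p += sprintf(p, "hvm-%d.%d-x86_64 ", major, minor);
+        i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+                     "hvm-%d.%d-x86_32 ", major, minor);
+        p += i;
+        i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+                     "hvm-%d.%d-x86_32p ", major, minor);
+        p += i;
+        i = snprintf(p, sizeof(xen_capabilities_info_t) - i,
+                     "hvm-%d.%d-x86_64 ", major, minor);
+        p += i;
     }
 
 #else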
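Review bot: The size passed to the chained `snprintf` calls in arch_get_xen_caps is not the space left in `info`: `i` holds only the length of the previous fragment, so `sizeof(xen_capabilities_info_t) - i` overstates what remains once `p` has advanced more than once, and the first hvm call in the PAE branch passes the full size again after `p` has already moved. If snprintf here follows C99 and returns the length it wanted to write, `p += i` would also step past the end after a truncation. With today's short fragments nothing overflows, but the bound gives no real protection if the list grows. Tracking the remaining space explicitly and clamping the advance addresses both, using the pattern below after every call. The function continues past the `#else` outside the hunk.

```c
    char *p = info;
    size_t left = sizeof(xen_capabilities_info_t);
    int i;
    /* … unchanged: major/minor lookup, #if selection … */
    i = snprintf(p, left, "xen-%d.%d-x86_64 ", major, minor);
    if ( i < 0 || (size_t)i >= left )
        i = left ? left - 1 : 0;    /* truncated: advance only over what was written */
    p += i;
    left -= i;
    /* … same clamp-and-advance steps after every later snprintf(p, left, …) … */
```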
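--- a/xen/arch/x86/time.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/arch/x86/time.c	Mon Jan 29 10:52:17 2007 +0000
@@ -274,7 +274,7 @@ static char *freq_string(u64 freq)
     unsigned int x, y;
     y = (unsigned int)do_div(freq, 1000000) / 1000;
     x = (unsigned int)freq;
-    sprintf(s, "%u.%03uMHz", x, y);
+    snprintf(s, sizeof(s), "%u.%03uMHz", x, y);
     return s;
 }
 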
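Review bot: `sizeof(s)` bounds the write only if `s` is declared as an array in freq_string; the declaration sits above the hunk, and with a pointer the call would silently cap the output at the pointer size. Because the function returns `s`, it is presumably a static array, which also means every call overwrites the previous result. A comment on the function such as `/* Returns a pointer to a static buffer: not reentrant, copy before the next call. */` would record that for callers.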
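--- a/xen/common/gdbstub.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/gdbstub.c	Mon Jan 29 10:52:17 2007 +0000
@@ -268,7 +268,7 @@ gdb_send_packet(struct gdb_context *ctx)
     char buf[3];
     int count;
 
-    sprintf(buf, "%.02x\n", ctx->out_csum);
+    snprintf(buf, sizeof(buf), "%.02x\n", ctx->out_csum);
 
     gdb_write_to_packet_char('#', ctx);
     gdb_write_to_packet(buf, 2, ctx);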
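Review bot: The format `"%.02x\n"` still produces four bytes (two digits, newline, NUL) for the three-byte `buf`, so the new bound works by cutting off the newline on every call rather than by the format fitting the buffer. Only two bytes are sent by `gdb_write_to_packet(buf, 2, ctx)`, so dropping the newline makes format and buffer agree: `snprintf(buf, sizeof(buf), "%.02x", ctx->out_csum);`. The type of `out_csum` is not visible in the hunk; if it is wider than eight bits, masking with `& 0xff` keeps the two digits tied to the low byte. gdb_send_packet continues outside the hunk.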
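--- a/xen/common/kernel.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/kernel.c	Mon Jan 29 10:52:17 2007 +0000
@@ -72,8 +72,7 @@ void cmdline_parse(char *cmdline)
             switch ( param->type )
             {
             case OPT_STR:
-                strncpy(param->var, optval, param->len);
-                ((char *)param->var)[param->len-1] = '\0';
+                strlcpy(param->var, optval, param->len);
                 break;
             case OPT_UINT:
                 *(unsigned int *)param->var =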
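--- a/xen/common/keyhandler.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/keyhandler.c	Mon Jan 29 10:52:17 2007 +0000
@@ -67,7 +67,7 @@ void register_keyhandler(
     ASSERT(key_table[key].u.handler == NULL);
     key_table[key].u.handler = handler;
     key_table[key].flags     = 0;
-    strncpy(key_table[key].desc, desc, STR_MAX);
+    strlcpy(key_table[key].desc, desc, STR_MAX);
     key_table[key].desc[STR_MAX-1] = '\0';
 }
 
@@ -77,8 +77,7 @@ void register_irq_keyhandler(
     ASSERT(key_table[key].u.irq_handler == NULL);
     key_table[key].u.irq_handler = handler;
     key_table[key].flags         = KEYHANDLER_IRQ_CALLBACK;
-    strncpy(key_table[key].desc, desc, STR_MAX);
-    key_table[key].desc[STR_MAX-1] = '\0';
+    strlcpy(key_table[key].desc, desc, STR_MAX);
 }
 
 static void show_handlers(unsigned char key)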
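Review bot: register_keyhandler keeps the manual terminator `key_table[key].desc[STR_MAX-1] = '\0';` after the new `strlcpy`, while register_irq_keyhandler drops it in the second hunk; the leftover line is redundant and the two functions should read the same. Both calls also pass `STR_MAX` instead of `sizeof(key_table[key].desc)`, which is right only while the field is declared with that size; the declaration is not visible here.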
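--- a/xen/common/libelf/libelf-dominfo.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/libelf/libelf-dominfo.c	Mon Jan 29 10:52:17 2007 +0000
@@ -128,16 +128,16 @@ int elf_xen_parse_note(struct elf_binary
     switch (type)
     {
     case XEN_ELFNOTE_LOADER:
-	strncpy(parms->loader, str, sizeof(parms->loader));
+	strlcpy(parms->loader, str, sizeof(parms->loader));
 	break;
     case XEN_ELFNOTE_GUEST_OS:
-	strncpy(parms->guest_os, str, sizeof(parms->guest_os));
+	strlcpy(parms->guest_os, str, sizeof(parms->guest_os));
 	break;
     case XEN_ELFNOTE_GUEST_VERSION:
-	strncpy(parms->guest_ver, str, sizeof(parms->guest_ver));
+	strlcpy(parms->guest_ver, str, sizeof(parms->guest_ver));
 	break;
     case XEN_ELFNOTE_XEN_VERSION:
-	strncpy(parms->xen_ver, str, sizeof(parms->xen_ver));
+	strlcpy(parms->xen_ver, str, sizeof(parms->xen_ver));
 	break;
     case XEN_ELFNOTE_PAE_MODE:
 	if (0 == strcmp(str, "yes"))
@@ -224,13 +224,13 @@ int elf_xen_parse_guest_info(struct elf_
 
 	/* strings */
 	if (0 == strcmp(name, "LOADER"))
-	    strncpy(parms->loader, value, sizeof(parms->loader));
+	    strlcpy(parms->loader, value, sizeof(parms->loader));
 	if (0 == strcmp(name, "GUEST_OS"))
-	    strncpy(parms->guest_os, value, sizeof(parms->guest_os));
+	    strlcpy(parms->guest_os, value, sizeof(parms->guest_os));
 	if (0 == strcmp(name, "GUEST_VER"))
-	    strncpy(parms->guest_ver, value, sizeof(parms->guest_ver));
+	    strlcpy(parms->guest_ver, value, sizeof(parms->guest_ver));
 	if (0 == strcmp(name, "XEN_VER"))
-	    strncpy(parms->xen_ver, value, sizeof(parms->xen_ver));
+	    strlcpy(parms->xen_ver, value, sizeof(parms->xen_ver));
 	if (0 == strcmp(name, "PAE"))
 	{
 	    if (0 == strcmp(value, "yes[extended-cr3]"))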
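Review bot: Unlike `strncpy`, `strlcpy` normally scans the whole source to compute its return value, so `str` in elf_xen_parse_note and `value` in elf_xen_parse_guest_info must be NUL-terminated inside the data they point into; the old calls stopped reading at the destination size. These strings appear to come from the ELF image being parsed, and how they are delimited is outside both hunks, so that is worth confirming before relying on the new calls. A comment above each chain, e.g. `/* str is NUL-terminated by <caller>; strlcpy reads up to that terminator */`, would record the assumption. Both functions start and end outside the hunks.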
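--- a/xen/common/perfc.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/perfc.c	Mon Jan 29 10:52:17 2007 +0000
@@ -148,9 +148,8 @@ static int perfc_copy_info(XEN_GUEST_HAN
     {
         for ( i = 0; i < NR_PERFCTRS; i++ )
         {
-            strncpy(perfc_d[i].name, perfc_info[i].name,
+            strlcpy(perfc_d[i].name, perfc_info[i].name,
                     sizeof(perfc_d[i].name));
-            perfc_d[i].name[sizeof(perfc_d[i].name)-1] = '\0';
 
             switch ( perfc_info[i].type )
             {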
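Review bot: `strlcpy` does not zero-fill the remainder of `perfc_d[i].name` the way `strncpy` did, so the bytes after the terminator keep whatever the buffer held before. perfc_copy_info takes guest handles, so if `perfc_d` is later copied out and was not zeroed when allocated (neither is visible in this hunk), stale hypervisor memory could reach the caller. Clearing the field first with `memset(perfc_d[i].name, 0, sizeof(perfc_d[i].name));`, or zeroing the array at allocation, keeps the old padding behaviour. The function starts and ends outside the hunk.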
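--- a/xen/common/rangeset.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/rangeset.c	Mon Jan 29 10:52:17 2007 +0000
@@ -283,12 +283,11 @@ struct rangeset *rangeset_new(
 
     if ( name != NULL )
     {
-        strncpy(r->name, name, sizeof(r->name));
-        r->name[sizeof(r->name)-1] = '\0';
+        strlcpy(r->name, name, sizeof(r->name));
     }
     else
     {
-        sprintf(r->name, "(no name)");
+        snprintf(r->name, sizeof(r->name), "(no name)");
     }
 
     if ( (r->domain = d) != NULL )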
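--- a/xen/common/symbols.c	Sun Jan 28 19:02:00 2007 +0000
+++ b/xen/common/symbols.c	Mon Jan 29 10:52:17 2007 +0000
@@ -142,15 +142,17 @@ void __print_symbol(const char *fmt, uns
     const char *name;
     unsigned long offset, size;
     char namebuf[KSYM_NAME_LEN+1];
-    char buffer[sizeof("%s+%#lx/%#lx [%s]") + KSYM_NAME_LEN +
-               2*(BITS_PER_LONG*3/10) + 1];
+
+#define BUFFER_SIZE sizeof("%s+%#lx/%#lx [%s]") + KSYM_NAME_LEN + \
+			2*(BITS_PER_LONG*3/10) + 1
+    char buffer[BUFFER_SIZE];
 
     name = symbols_lookup(address, &size, &offset, namebuf);
 
     if (!name)
-        sprintf(buffer, "???");
+        snprintf(buffer, BUFFER_SIZE, "???");
     else
-        sprintf(buffer, "%s+%#lx/%#lx", name, offset, size);
+        snprintf(buffer, BUFFER_SIZE, "%s+%#lx/%#lx", name, offset, size);
 
     printk(fmt, buffer);
 }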
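Review bot: `BUFFER_SIZE` is defined inside __print_symbol as an unparenthesised expression and is never undefined, so it leaks into the rest of the file and would mis-evaluate inside any larger expression. Since `buffer` is a true array, the original declaration can stay and both calls can use `snprintf(buffer, sizeof(buffer), ...)`, which removes the macro altogether. Separately, `printk(fmt, buffer)` passes a caller-supplied format string; that predates this change, but a comment stating that `fmt` must be a trusted literal with a single `%s` would document the requirement.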