ia64/xen-unstable

changeset 16870:edc268331a9e

ioemu: Improve xenstore_read_vncpasswd().
From: Peter Johnston <peter.johnston@citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Jan 24 14:33:46 2008 +0000 (2008-01-24)
parents db620f1c9d30
children 5e60a38ffcf2
files tools/ioemu/xenstore.c
line diff
     1.1 --- a/tools/ioemu/xenstore.c	Thu Jan 24 14:29:13 2008 +0000
     1.2 +++ b/tools/ioemu/xenstore.c	Thu Jan 24 14:33:46 2008 +0000
     1.3 @@ -492,7 +492,7 @@ void xenstore_write_vncport(int display)
     1.4  void xenstore_read_vncpasswd(int domid, char *pwbuf, size_t pwbuflen)
     1.5  {
     1.6      char *buf = NULL, *path, *uuid = NULL, *passwd = NULL;
     1.7 -    unsigned int i, len, rc = 0;
     1.8 +    unsigned int i, len;
     1.9  
    1.10      pwbuf[0] = '\0';
    1.11  
    1.12 @@ -506,33 +506,38 @@ void xenstore_read_vncpasswd(int domid, 
    1.13      }
    1.14  
    1.15      pasprintf(&buf, "%s/vm", path);
    1.16 +    free(path);
    1.17      uuid = xs_read(xsh, XBT_NULL, buf, &len);
    1.18      if (uuid == NULL) {
    1.19          fprintf(logfile, "xs_read(): uuid get error. %s.\n", buf);
    1.20 -        free(path);
    1.21 +        free(buf);
    1.22          return;
    1.23      }
    1.24  
    1.25      pasprintf(&buf, "%s/vncpasswd", uuid);
    1.26 +    free(uuid);
    1.27      passwd = xs_read(xsh, XBT_NULL, buf, &len);
    1.28      if (passwd == NULL) {
    1.29          fprintf(logfile, "xs_read(): vncpasswd get error. %s.\n", buf);
    1.30 -        free(uuid);
    1.31 -        free(path);
    1.32 +        free(buf);
    1.33          return;
    1.34      }
    1.35  
    1.36 -    for (i=0; i<len && i<pwbuflen; i++)
    1.37 +    if (len >= pwbuflen)
    1.38 +    {
    1.39 +        fprintf(logfile, "xenstore_read_vncpasswd(): truncated password to avoid buffer overflow\n");
    1.40 +        len = pwbuflen - 1;
    1.41 +    }
    1.42 +
    1.43 +    for (i=0; i<len; i++)
    1.44          pwbuf[i] = passwd[i];
    1.45 -    pwbuf[len < (pwbuflen-1) ? len : (pwbuflen-1)] = '\0';
    1.46 +    pwbuf[len] = '\0';
    1.47      passwd[0] = '\0';
    1.48 -    pasprintf(&buf, "%s/vncpasswd", uuid);
    1.49 -    if (xs_write(xsh, XBT_NULL, buf, passwd, len) == 0)
    1.50 +    if (xs_write(xsh, XBT_NULL, buf, passwd, 1) == 0)
    1.51          fprintf(logfile, "xs_write() vncpasswd failed.\n");
    1.52  
    1.53      free(passwd);
    1.54 -    free(uuid);
    1.55 -    free(path);
    1.56 +    free(buf);
    1.57  }
    1.58  
    1.59