xl: NULL terminate buf when reading dom0 /proc/uptime

The contents of /proc/uptime is typically something like "80164.57
640617.58", so the existing 512 byte buffer is more than large enoguh,
so reduce its effective size to 511 bytes and ensure we include a
NULL.

Otherwise Coverity points out that we pass a potentially unterminated
string to strtok. In practice this likely doesn't actually cause
issues (at least on Linux) because the
string should always contain a space so we will stop parsing.

CID: 105590

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c
index 4c03b2e76daaeb074809d3d024a7614ff335a558..990d3c9f3af020c0afd1e9f803dd307a4ac2cd12 100644 (file)
--- a/tools/libxl/xl_cmdimpl.c
+++ b/tools/libxl/xl_cmdimpl.c
@@ -6963,6 +6963,7 @@ static char *current_time_to_string(time_t now)
 static void print_dom0_uptime(int short_mode, time_t now)
 {
     int fd;
+    ssize_t nr;
     char buf[512];
     uint32_t uptime = 0;
     char *uptime_str = NULL;
@@ -6973,12 +6974,15 @@ static void print_dom0_uptime(int short_mode, time_t now)
     if (fd == -1)
         goto err;
 
-    if (read(fd, buf, sizeof(buf)) == -1) {
+    nr = read(fd, buf, sizeof(buf) - 1);
+    if (nr == -1) {
         close(fd);
         goto err;
     }
     close(fd);
 
+    buf[nr] = '\0';
+
     strtok(buf, " ");
     uptime = strtoul(buf, NULL, 10);