From fb2716a19190201ffb8d1b20cd9002f166000478 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= Date: Thu, 25 Apr 2024 09:51:57 +0200 Subject: [PATCH] xen-livepatch: fix parameter name parsing MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit It's incorrect to restrict strncmp to the length of the command line input parameter, as then a user passing a rune like: % xen-livepatch up foo.livepatch Would match against the "upload" command, because the string comparison has been truncated to the length of the input argument. Use strcmp instead which doesn't truncate. Otherwise in order to keep using strncmp we would need to also check strings are of the same length before doing the comparison. Fixes: 05bb8afedede ('xen-xsplice: Tool to manipulate xsplice payloads') Signed-off-by: Roger Pau Monné Acked-by: Anthony PERARD --- tools/misc/xen-livepatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/misc/xen-livepatch.c b/tools/misc/xen-livepatch.c index 5bf9d9a32b..2c4f69e596 100644 --- a/tools/misc/xen-livepatch.c +++ b/tools/misc/xen-livepatch.c @@ -572,13 +572,13 @@ int main(int argc, char *argv[]) return 0; } for ( i = 0; i < ARRAY_SIZE(main_options); i++ ) - if (!strncmp(main_options[i].name, argv[1], strlen(argv[1]))) + if (!strcmp(main_options[i].name, argv[1])) break; if ( i == ARRAY_SIZE(main_options) ) { for ( j = 0; j < ARRAY_SIZE(action_options); j++ ) - if (!strncmp(action_options[j].name, argv[1], strlen(argv[1]))) + if (!strcmp(action_options[j].name, argv[1])) break; if ( j == ARRAY_SIZE(action_options) ) -- 2.39.5