From: Juergen Gross <jgross@suse.com>
Date: Tue, 6 Dec 2016 06:41:54 +0000 (+0100)
Subject: tools/xenstore: avoid unterminated string in xs_directory_part()
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~3271
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=e25ddb6dae04823aeef2c07907d3f0377a905cdd;p=xen.git

tools/xenstore: avoid unterminated string in xs_directory_part()

Commit d4016288ab1f ("xenstore: support XS_DIRECTORY_PART in
libxenstore") introduced a theoretical bug: the generation count of
the read node is transferred via strncpy without forcing a NUL byte
at the end. Correct this.

Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
---

diff --git a/tools/xenstore/xs.c b/tools/xenstore/xs.c
index e462a20f67..3ce7157fed 100644
--- a/tools/xenstore/xs.c
+++ b/tools/xenstore/xs.c
@@ -589,7 +589,7 @@ static char **xs_directory_part(struct xs_handle *h, xs_transaction_t t,
 	struct iovec iovec[2];
 	char *result = NULL, *strings = NULL;
 
-	gen[0] = 0;
+	memset(gen, 0, sizeof(gen));
 	iovec[0].iov_base = (void *)path;
 	iovec[0].iov_len = strlen(path) + 1;
 
@@ -616,7 +616,7 @@ static char **xs_directory_part(struct xs_handle *h, xs_transaction_t t,
 				continue;
 			}
 		} else
-			strncpy(gen, result, sizeof(gen));
+			strncpy(gen, result, sizeof(gen) - 1);
 
 		result_len -= strlen(result) + 1;
 		strings = realloc(strings, off + result_len);