tools: libxl: do not overrun input buffer in libxl__parse_mac
author Ian Campbell <ian.campbell@citrix.com>
Thu, 6 Nov 2014 13:59:43 +0000 (13:59 +0000)
committer Ian Jackson <Ian.Jackson@eu.citrix.com>
Thu, 6 Nov 2014 16:32:11 +0000 (16:32 +0000)
commit 5a430eca0b27354456d1245ed3f637d5f2e17883
tree 591cb0992120b2aa77e0acf11304d74cd4751171
parent 379b351889a8f02abe30a06e2ce9ba8b381b91ab
tools: libxl: do not overrun input buffer in libxl__parse_mac

Valgrind reports:
==7971== Invalid read of size 1
==7971==    at 0x40877BE: libxl__parse_mac (libxl_internal.c:288)
==7971==    by 0x405C5F8: libxl__device_nic_from_xs_be (libxl.c:3405)
==7971==    by 0x4065542: libxl__append_nic_list_of_type (libxl.c:3484)
==7971==    by 0x4065542: libxl_device_nic_list (libxl.c:3504)
==7971==    by 0x406F561: libxl_retrieve_domain_configuration (libxl.c:6661)
==7971==    by 0x805671C: reload_domain_config (xl_cmdimpl.c:2037)
==7971==    by 0x8057F30: handle_domain_death (xl_cmdimpl.c:2116)
==7971==    by 0x8057F30: create_domain (xl_cmdimpl.c:2580)
==7971==    by 0x805B4B2: main_create (xl_cmdimpl.c:4652)
==7971==    by 0x804EAB2: main (xl.c:378)

This is because on the final iteration the tok += 3 skips over the terminating
NUL to the next byte, and then *tok reads it. Fix this by using endptr as the
iterator.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
tools/libxl/libxl_internal.c
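
The overrun described in the commit message, as an added example that is not the libxl code from this commit: `stride_offset_after` shows where a fixed `tok += 3` stride lands after the last octet, and `parse_mac_endptr` is a hypothetical parser that advances only to where `strtol` stopped. The function names, return codes and sample string are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offset a fixed "tok += 3" stride lands on after n octets. For a 17-char
 * MAC string (NUL at index 17) and n = 6 this is 18, one past the NUL. */
static size_t stride_offset_after(size_t n_octets)
{
    return 3 * n_octets;
}

/* Hypothetical helper (not libxl's): parse "xx:xx:xx:xx:xx:xx", advancing
 * only to where strtol stopped. Returns 0 on success, -1 on bad input. */
static int parse_mac_endptr(const char *s, unsigned char mac[6])
{
    const char *tok = s;
    char *endptr;
    int i;

    for (i = 0; i < 6; i++) {
        /* Short-circuit keeps tok[1] unread when tok[0] is the NUL. */
        if (!isxdigit((unsigned char)tok[0]) ||
            !isxdigit((unsigned char)tok[1]))
            return -1;
        mac[i] = (unsigned char)strtol(tok, &endptr, 16);
        if (endptr != tok + 2)
            return -1;              /* more than two hex digits */
        if (i < 5) {
            if (*endptr != ':')
                return -1;          /* truncated or wrong separator */
            endptr++;               /* step over a byte we have inspected */
        }
        tok = endptr;
    }
    return *tok == '\0' ? 0 : -1;   /* reject trailing characters */
}

int main(void)
{
    const char *sample = "aa:bb:cc:dd:ee:ff";  /* constructed input */
    unsigned char mac[6];

    printf("strlen=%zu, stride would read offset %zu\n",
           strlen(sample), stride_offset_after(6));
    printf("parse rc=%d\n", parse_mac_endptr(sample, mac));
    return 0;
}
```

Running a parser like this under Valgrind or AddressSanitizer against an exactly sized heap copy of the input is a quick regression check for this class of one-past-the-terminator read.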