Diffstat (limited to 'main/xen/xsa68.patch')
-rw-r--r--main/xen/xsa68.patch69
1 files changed, 69 insertions, 0 deletions
diff --git a/main/xen/xsa68.patch b/main/xen/xsa68.patch
new file mode 100644
index 0000000000..cad655be25
--- /dev/null
+++ b/main/xen/xsa68.patch
@@ -0,0 +1,69 @@
+libxl: fix vif rate parsing
+
+strtok can return NULL here. We don't need to use strtok anyway, so just
+use a simple strchr method.
+
+Coverity-ID: 1055642
+
+This is CVE-2013-4369 / XSA-68
+
+Signed-off-by: Matthew Daley <mattjd@gmail.com>
+
+Fix type. Add test case
+
+Signed-off-by: Ian Campbell <Ian.campbell@citrix.com>
+
+diff --git a/tools/libxl/check-xl-vif-parse b/tools/libxl/check-xl-vif-parse
+index 0473182..02c6dba 100755
+--- a/tools/libxl/check-xl-vif-parse
++++ b/tools/libxl/check-xl-vif-parse
+@@ -206,4 +206,8 @@ expected </dev/null
+ one $e rate=4294967295GB/s@5us
+ one $e rate=4296MB/s@4294s
+
++# test include of single '@'
++expected </dev/null
++one $e rate=@
++
+ complete
+diff --git a/tools/libxl/libxlu_vif.c b/tools/libxl/libxlu_vif.c
+index 3b3de0f..0665e62 100644
+--- a/tools/libxl/libxlu_vif.c
++++ b/tools/libxl/libxlu_vif.c
+@@ -95,23 +95,30 @@ int xlu_vif_parse_rate(XLU_Config *cfg, const char *rate, libxl_device_nic *nic)
+ uint64_t bytes_per_sec = 0;
+ uint64_t bytes_per_interval = 0;
+ uint32_t interval_usecs = 50000UL; /* Default to 50ms */
+- char *ratetok, *tmprate;
++ char *p, *tmprate;
+ int rc = 0;
+
+ tmprate = strdup(rate);
++ if (tmprate == NULL) {
++ rc = ENOMEM;
++ goto out;
++ }
++
++ p = strchr(tmprate, '@');
++ if (p != NULL)
++ *p++ = 0;
++
+ if (!strcmp(tmprate,"")) {
+ xlu__vif_err(cfg, "no rate specified", rate);
+ rc = EINVAL;
+ goto out;
+ }
+
+- ratetok = strtok(tmprate, "@");
+- rc = vif_parse_rate_bytes_per_sec(cfg, ratetok, &bytes_per_sec);
++ rc = vif_parse_rate_bytes_per_sec(cfg, tmprate, &bytes_per_sec);
+ if (rc) goto out;
+
+- ratetok = strtok(NULL, "@");
+- if (ratetok != NULL) {
+- rc = vif_parse_rate_interval_usecs(cfg, ratetok, &interval_usecs);
++ if (p != NULL) {
++ rc = vif_parse_rate_interval_usecs(cfg, p, &interval_usecs);
+ if (rc) goto out;
+ }
+
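Review bot: The test added to check-xl-vif-parse (`one $e rate=@`) only exercises the empty-rate branch, so the other case the new `strchr` split creates is untested: a trailing `@` with nothing after it, where `p` points at an empty string and is passed to `vif_parse_rate_interval_usecs`. That helper is outside this patch, so whether it rejects an empty interval cleanly cannot be confirmed from here; a companion case for `rate=4296MB/s@` next to the new one, with the expected result set to the intended behaviour, would pin it down. The new `strdup` failure path also sets `rc = ENOMEM` without calling `xlu__vif_err`, unlike the `EINVAL` path just below it, so an allocation failure would presumably surface with no message. `xlu_vif_parse_rate` starts and ends outside the hunk, so the cleanup at `out:` is not visible here.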