[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v2 49/49] migration: Use strnlen() for fixed-size str
From: |
Michael S. Tsirkin |
Subject: |
[Qemu-devel] [PULL v2 49/49] migration: Use strnlen() for fixed-size string |
Date: |
Tue, 15 Jan 2019 15:06:27 -0500 |
From: Philippe Mathieu-Daudé <address@hidden>
GCC 8 introduced the -Wstringop-overflow, which detect buffer overflow
by string-modifying functions declared in <string.h>, such strncpy(),
used in global_state_store_running().
GCC indeed found an incorrect use of strlen(), because this array
is loaded by VMSTATE_BUFFER(runstate, GlobalState) then parsed
using qapi_enum_parse which does not get the buffer length.
Use strnlen() which returns sizeof(s->runstate) if the array is not
NUL-terminated, assert the size is within range, and enforce the array
to be NUL-terminated to avoid an overflow in qapi_enum_parse().
This fixes:
CC migration/global_state.o
qemu/migration/global_state.c: In function 'global_state_pre_save':
qemu/migration/global_state.c:109:15: error: 'strlen' argument 1 declared
attribute 'nonstring' [-Werror=stringop-overflow=]
s->size = strlen((char *)s->runstate) + 1;
^~~~~~~~~~~~~~~~~~~~~~~~~~~
qemu/migration/global_state.c:24:13: note: argument 'runstate' declared here
uint8_t runstate[100] QEMU_NONSTRING;
^~~~~~~~
cc1: all warnings being treated as errors
make: *** [qemu/rules.mak:69: migration/global_state.o] Error 1
Suggested-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Reviewed-by: Dr. David Alan Gilbert <address@hidden>
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Acked-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
migration/global_state.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/migration/global_state.c b/migration/global_state.c
index 01805c567a..2c8c447239 100644
--- a/migration/global_state.c
+++ b/migration/global_state.c
@@ -89,6 +89,17 @@ static int global_state_post_load(void *opaque, int
version_id)
s->received = true;
trace_migrate_global_state_post_load(runstate);
+ if (strnlen((char *)s->runstate,
+ sizeof(s->runstate)) == sizeof(s->runstate)) {
+ /*
+ * This condition should never happen during migration, because
+ * all runstate names are shorter than 100 bytes (the size of
+ * s->runstate). However, a malicious stream could overflow
+ * the qapi_enum_parse() call, so we force the last character
+ * to a NUL byte.
+ */
+ s->runstate[sizeof(s->runstate) - 1] = '\0';
+ }
r = qapi_enum_parse(&RunState_lookup, runstate, -1, &local_err);
if (r == -1) {
@@ -107,7 +118,8 @@ static int global_state_pre_save(void *opaque)
GlobalState *s = opaque;
trace_migrate_global_state_pre_save((char *)s->runstate);
- s->size = strlen((char *)s->runstate) + 1;
+ s->size = strnlen((char *)s->runstate, sizeof(s->runstate)) + 1;
+ assert(s->size <= sizeof(s->runstate));
return 0;
}
--
MST
- [Qemu-devel] [PULL v2 22/49] virtio: split virtio balloon bits from virtio-pci, (continued)
- [Qemu-devel] [PULL v2 22/49] virtio: split virtio balloon bits from virtio-pci, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 42/49] tpm: clear RAM when "memory overwrite" requested, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 24/49] virtio: split vhost user blk bits from virtio-pci, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 32/49] virtio: split virtio crypto bits from virtio-pci.h, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 40/49] acpi: build TPM Physical Presence interface, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 41/49] acpi: add ACPI memory clear interface, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 20/49] virtio: split virtio input bits from virtio-pci, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 43/49] hw: acpi: Fix memory hotplug AML generation error, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 23/49] virtio: split virtio 9p bits from virtio-pci, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 30/49] virtio: split virtio serial bits from virtio-pci, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 49/49] migration: Use strnlen() for fixed-size string,
Michael S. Tsirkin <=
- [Qemu-devel] [PULL v2 44/49] acpi: update expected files, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 45/49] qemu/compiler: Define QEMU_NONSTRING, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 47/49] hw/acpi: Use QEMU_NONSTRING for non NUL-terminated arrays, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 48/49] migration: Fix stringop-truncation warning, Michael S. Tsirkin, 2019/01/15
- [Qemu-devel] [PULL v2 46/49] block/sheepdog: Use QEMU_NONSTRING for non NUL-terminated arrays, Michael S. Tsirkin, 2019/01/15
- Re: [Qemu-devel] [PULL v2 00/49] pci, pc, virtio: fixes, features, Peter Maydell, 2019/01/17
- Re: [Qemu-devel] [PULL v2 00/49] pci, pc, virtio: fixes, features, Michael S. Tsirkin, 2019/01/17
- Re: [Qemu-devel] [PULL v2 00/49] pci, pc, virtio: fixes, features, Peter Maydell, 2019/01/17
- Re: [Qemu-devel] [PULL v2 00/49] pci, pc, virtio: fixes, features, Michael S. Tsirkin, 2019/01/17
- Re: [Qemu-devel] [PULL v2 00/49] pci, pc, virtio: fixes, features, Peter Maydell, 2019/01/17