From: Yousef Alhouseen
To: Juergen Gross, Stefano Stabellini, Oleksandr Tyshchenko
Cc: xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, Yousef Alhouseen
Subject: [PATCH v2] xenbus: reject unterminated directory replies
Date: Sat, 27 Jun 2026 00:37:38 +0200
Message-ID: <20260626223738.43742-1-alhouseenyousef@gmail.com>
In-Reply-To: <20260624124242.9160-1-alhouseenyousef@gmail.com>

split_strings() walks each directory entry with strlen(). Although the
transport adds a terminator after the reply buffer, a malformed reply
without a final NUL inside its advertised length would let that walk
cross the protocol payload boundary.

Reject such replies before counting the strings. Report the protocol
violation once and return -EIO to the caller.

Signed-off-by: Yousef Alhouseen
Reviewed-by: Juergen Gross
---
Changes in v2:
- Reject malformed replies instead of copying the transport-added
  terminator, as suggested by Juergen Gross.

 drivers/xen/xenbus/xenbus_xs.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c index c202e7c55..d1cca4acb 100644 --- a/drivers/xen/xenbus/xenbus_xs.c +++ b/drivers/xen/xenbus/xenbus_xs.c
@@ -417,6 +417,12 @@ static char **split_strings(char *strings, unsigned in= t len, unsigned int *num) { char *p, **ret; =20 + if (len && strings[len - 1]) { + pr_err_once("malformed XS_DIRECTORY reply\n"); + kfree(strings); + return ERR_PTR(-EIO); + } + /* Count the strings. */ *num =3D count_strings(strings, len); =20 --=20 2.54.0
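
Review bot: the early return in the new `if (len && strings[len - 1])` block sits above `*num = count_strings(strings, len);`, so on the -EIO path `*num` is never written and a caller that reads its count after a failed call sees whatever value was there before. Consider adding `*num = 0;` ahead of `return ERR_PTR(-EIO);`, or stating in a comment that `*num` is undefined when an error pointer is returned. The same block frees `strings`, so a short comment on the function saying that it consumes the buffer on every path, including this one, would help callers avoid a double free. On the logging side, `pr_err_once()` records only the first malformed reply and carries no detail, so if repeated violations should stay visible to whoever monitors the guest, a rate-limited message that includes `len` would serve detection better than a single line.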