Andrew Cooper writes ("[PATCH] tools/xl: Fix segfaults from `xl
psr-cat-cbm-set` command line handling"):
> The socket option takes a mandatory argument. Mark it as such, so
> optarg isn't NULL when passed to trim(), which unconditionally
> dereference it.
>
> Range check optind against argc before blindly assuming that
> argv[optind] and argv[optind+1] exist.
Acked-by: Ian Jackson <ian.jack...@eu.citrix.com>
> I started doing an audit of xl's command line handling, but got to the
> very first command (memmax) and found another segfault because of
> blindly assuming that argv[optind + 1] was available.
>
> I fixed this example as I happened to use the command, but I currently
> lack the time to do a complete audit. IMO, a full audit should be a
> blocker for 4.6, especially given the nature of XSA-137
Yes. See also the 0/ message for my other fixes in this area. (I
mention this since what I did was part of such an audit but probably
not a complete one.)
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
