On Wed, Dec 04, 2013 at 02:00:19PM +0900, Ryusuke Konishi wrote:
> Hi List,
>
> It seems that there is ambiguity about string format in vdi name and
> tag name of LOCK_VDI and GET_VDI_INFO requests.
>
> The find_vdi_name function of dog command ensures that both vdi name
> and tag name are null-terminated in the data buffer with pstrcpy():
>
>     char buf[SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN];
>
>     memset(buf, 0, sizeof(buf));
>     pstrcpy(buf, SD_MAX_VDI_LEN, vdiname);
>     if (tag)
>         pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, tag);
>
> These strings are truncated to the size of buffer - 1 if they are
> longer than it.
>
> However, find_vdi_name function of the qemu sheepdog driver doesn't
> ensure that filename and tag are null-terminated because it uses
> strncpy():
>
>     char buf[SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN];
>
>     /* This pair of strncpy calls ensures that the buffer is zero-filled,
>      * which is desirable since we'll soon be sending those bytes, and
>      * don't want the send_req to read uninitialized data.
>      */
>     strncpy(buf, filename, SD_MAX_VDI_LEN);
>     strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);
>
> These strings are truncated to the size of buffer.
>
> The current tgt sheepdog driver doesn't ensure it either:
>
>     char buf[SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN];
>
>     memset(buf, 0, sizeof(buf));
>     strncpy(buf, filename, SD_MAX_VDI_LEN);
>     strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);
>
> Is there any guideline for this sort of string data for sheepdog?

Probably we should adhere to what is being done in dog, that is, all tag
and names are null-terminated. But QEMU code (where tgt driver derives
from) is so old that some early decision is forgotten.

Thanks
Yuan
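To make the difference concrete, here is an added C example (not code from the thread, nor from sheepdog, qemu or tgt): it reimplements the pstrcpy behaviour the thread describes (copy at most size-1 bytes, always terminate), fills the name/tag request buffer both ways, and reports whether each fixed-width field still contains a NUL. The field sizes are constructed values for the example, not the real SD_MAX_VDI_LEN and SD_MAX_VDI_TAG_LEN.

```c
#include <string.h>

/* Constructed sizes for this example; the real SD_MAX_VDI_LEN and
 * SD_MAX_VDI_TAG_LEN values are not quoted in the thread. */
#define SD_MAX_VDI_LEN 8
#define SD_MAX_VDI_TAG_LEN 8
#define BUF_LEN (SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN)

/* Reimplementation of the pstrcpy semantics described in the thread:
 * copy at most size-1 bytes and always write a terminating NUL. */
static void pstrcpy(char *dest, size_t size, const char *src)
{
    size_t n;
    if (size == 0)
        return;
    n = strlen(src);
    if (n > size - 1)
        n = size - 1;
    memcpy(dest, src, n);
    dest[n] = '\0';
}

/* Does the fixed-width field contain a NUL terminator anywhere? */
static int field_terminated(const char *field, size_t field_len)
{
    return memchr(field, '\0', field_len) != NULL;
}

/* Build the request buffer the way qemu/tgt do (strncpy) or the way dog
 * does (pstrcpy); return 1 only if both fields end up NUL-terminated. */
static int fields_terminated(const char *name, const char *tag, int use_pstrcpy)
{
    char buf[BUF_LEN];
    memset(buf, 0, sizeof(buf));
    if (use_pstrcpy) {
        pstrcpy(buf, SD_MAX_VDI_LEN, name);
        if (tag)
            pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, tag);
    } else {
        /* strncpy writes no NUL at all when strlen(src) >= n, so a name
         * of exactly SD_MAX_VDI_LEN bytes fills the field completely. */
        strncpy(buf, name, SD_MAX_VDI_LEN);
        strncpy(buf + SD_MAX_VDI_LEN, tag ? tag : "", SD_MAX_VDI_TAG_LEN);
    }
    return field_terminated(buf, SD_MAX_VDI_LEN) &&
           field_terminated(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN);
}
```

A receiver that trusts the field to be a C string has to treat the strncpy form as untrusted and bound its reads by the field width; the pstrcpy form costs one byte of name length but removes the ambiguity.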