[sheepdog] Question on the string format of vdiname and tag in LOCK_VDI/GET_VDI_INFO

Ryusuke Konishi konishi.ryusuke at lab.ntt.co.jp
Wed Dec 4 06:00:19 CET 2013


Hi List,

It seems that there is ambiguity about the string format of the vdi name
and tag name in LOCK_VDI and GET_VDI_INFO requests.

The find_vdi_name function of the dog command ensures that both vdi name
and tag name are null-terminated in the data buffer with pstrcpy():

   char buf[SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN];

   memset(buf, 0, sizeof(buf));
   pstrcpy(buf, SD_MAX_VDI_LEN, vdiname);
   if (tag)
           pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, tag);


These strings are truncated to the size of the buffer - 1 if they are
longer than it.

However, the find_vdi_name function of the qemu sheepdog driver doesn't
ensure that filename and tag are null-terminated because it uses
strncpy():

   char buf[SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN];

   /* This pair of strncpy calls ensures that the buffer is zero-filled,
    * which is desirable since we'll soon be sending those bytes, and
    * don't want the send_req to read uninitialized data.
    */
   strncpy(buf, filename, SD_MAX_VDI_LEN);
   strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);

These strings are truncated to the size of the buffer.


The current tgt sheepdog driver doesn't ensure it either:

   char buf[SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN];

   memset(buf, 0, sizeof(buf));
   strncpy(buf, filename, SD_MAX_VDI_LEN);
   strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);


Is there any guideline for this sort of string data for sheepdog?


Regards,
Ryusuke Konishi
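
An added example, not part of the original message and not code from sheepdog, QEMU or tgt: it fills the request buffer both ways described above and shows a bounds check a receiver could apply before treating either field as a C string. The buffer sizes are constructed small values, and demo_pstrcpy (a local stand-in assumed to match the truncate-to-size-minus-one behaviour described for pstrcpy()), fill_terminated, fill_strncpy, fields_terminated and name_len are hypothetical names.

```c
#include <stdbool.h>
#include <string.h>

#define SD_MAX_VDI_LEN     8   /* constructed demo size, not sheepdog's value */
#define SD_MAX_VDI_TAG_LEN 4   /* constructed demo size, not sheepdog's value */
#define REQ_LEN (SD_MAX_VDI_LEN + SD_MAX_VDI_TAG_LEN)

/* Hypothetical stand-in for pstrcpy(): copy at most size-1 bytes, always
 * write a terminating NUL inside the field. */
static void demo_pstrcpy(char *dst, size_t size, const char *src)
{
    size_t n = strlen(src);
    if (size == 0)
        return;
    if (n > size - 1)
        n = size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Sender in the style of the dog snippet: both fields stay terminated. */
void fill_terminated(char *buf, const char *name, const char *tag)
{
    memset(buf, 0, REQ_LEN);
    demo_pstrcpy(buf, SD_MAX_VDI_LEN, name);
    if (tag)
        demo_pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, tag);
}

/* Sender in the style of the strncpy() snippets: a name or tag at least as
 * long as its field fills the field completely and leaves no NUL in it. */
void fill_strncpy(char *buf, const char *name, const char *tag)
{
    memset(buf, 0, REQ_LEN);
    strncpy(buf, name, SD_MAX_VDI_LEN);
    strncpy(buf + SD_MAX_VDI_LEN, tag, SD_MAX_VDI_TAG_LEN);
}

/* Receiver-side check: true only if each fixed-width field holds a NUL
 * within its own bounds, so strlen()/strcmp() cannot run past the field. */
bool fields_terminated(const char *buf)
{
    return memchr(buf, '\0', SD_MAX_VDI_LEN) != NULL &&
           memchr(buf + SD_MAX_VDI_LEN, '\0', SD_MAX_VDI_TAG_LEN) != NULL;
}

/* Length of the name field without ever reading past the field. */
size_t name_len(const char *buf)
{
    const char *end = memchr(buf, '\0', SD_MAX_VDI_LEN);
    return end ? (size_t)(end - buf) : SD_MAX_VDI_LEN;
}
```

With an over-long name, the strncpy() sender produces a name field that runs straight into the tag field, so a receiver that calls strlen() on it reads bytes belonging to the tag or beyond the buffer.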


