From f426a36cecfea2cfd69c28ca5ba4f4bfae913f63 Mon Sep 17 00:00:00 2001
From: "K. Y. Srinivasan" <kys@microsoft.com>
Date: Thu, 25 Oct 2012 14:15:49 -0700
Subject: tools: hv: Return the full kernel version

Currently, we are returning the same string for both OSBuildNumber
and OSVersion keys. Return the full uts string for the OSBuild
key since Windows does not impose any restrictions on this.

Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Reported-by: Claudio Latini <claudio.latini@live.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/hv/hv_kvp_daemon.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'tools')

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 5959affd882..6c7bcb9932c 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -88,6 +88,7 @@ static char *os_major = "";
 static char *os_minor = "";
 static char *processor_arch;
 static char *os_build;
+static char *os_version;
 static char *lic_version = "Unknown version";
 static struct utsname uts_buf;
 
@@ -453,7 +454,9 @@ void kvp_get_os_info(void)
 	char	*p, buf[512];
 
 	uname(&uts_buf);
-	os_build = uts_buf.release;
+	os_version = uts_buf.release;
+	os_build = strdup(uts_buf.release);
+
 	os_name = uts_buf.sysname;
 	processor_arch = uts_buf.machine;
 
@@ -462,7 +465,7 @@ void kvp_get_os_info(void)
 	 * string to be of the form: x.y.z
 	 * Strip additional information we may have.
 	 */
-	p = strchr(os_build, '-');
+	p = strchr(os_version, '-');
 	if (p)
 		*p = '\0';
 
@@ -1649,7 +1652,7 @@ int main(void)
 			strcpy(key_name, "OSMinorVersion");
 			break;
 		case OSVersion:
-			strcpy(key_value, os_build);
+			strcpy(key_value, os_version);
 			strcpy(key_name, "OSVersion");
 			break;
 		case ProcessorArchitecture:
-- 
cgit v1.2.3


From 3321e738d6f0a82b2c19f9d5890f304dab1e5357 Mon Sep 17 00:00:00 2001
From: "K. Y. Srinivasan" <kys@microsoft.com>
Date: Thu, 25 Oct 2012 14:15:50 -0700
Subject: Tools: hv: Don't return loopback addresses

Don't return loopback addresses and further don't terminate
the IP address strings with a semicolon. This is the current
behavior of Windows guests.

Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Reported-by: Claudio Latini <claudio.latini@live.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/hv/hv_kvp_daemon.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'tools')

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 6c7bcb9932c..13c2a142331 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -43,6 +43,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <dirent.h>
+#include <net/if.h>
 
 /*
  * KVP protocol: The user mode component first registers with the
@@ -882,7 +883,7 @@ static int kvp_process_ip_address(void *addrp,
 		addr_length = INET6_ADDRSTRLEN;
 	}
 
-	if ((length - *offset) < addr_length + 1)
+	if ((length - *offset) < addr_length + 2)
 		return HV_E_FAIL;
 	if (str == NULL) {
 		strcpy(buffer, "inet_ntop failed\n");
@@ -890,11 +891,13 @@ static int kvp_process_ip_address(void *addrp,
 	}
 	if (*offset == 0)
 		strcpy(buffer, tmp);
-	else
+	else {
+		strcat(buffer, ";");
 		strcat(buffer, tmp);
-	strcat(buffer, ";");
+	}
 
 	*offset += strlen(str) + 1;
+
 	return 0;
 }
 
@@ -956,7 +959,9 @@ kvp_get_ip_info(int family, char *if_name, int op,
 		 * supported address families; if not we gather info on
 		 * the specified address family.
 		 */
-		if ((family != 0) && (curp->ifa_addr->sa_family != family)) {
+		if ((((family != 0) &&
+			 (curp->ifa_addr->sa_family != family))) ||
+			 (curp->ifa_flags & IFF_LOOPBACK)) {
 			curp = curp->ifa_next;
 			continue;
 		}
-- 
cgit v1.2.3


From 95a69adab9acfc3981c504737a2b6578e4d846ef Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 8 Nov 2012 10:53:29 +0100
Subject: tools: hv: Netlink source address validation allows DoS

The source code without this patch caused hypervkvpd to exit when it processed
a spoofed Netlink packet which has been sent from an untrusted local user.
Now Netlink messages with a non-zero nl_pid source address are ignored
and a warning is printed into the syslog.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
Acked-by:  K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/hv/hv_kvp_daemon.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'tools')

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 13c2a142331..c1d910243d4 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -1486,13 +1486,19 @@ int main(void)
 		len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
 				addr_p, &addr_l);
 
-		if (len < 0 || addr.nl_pid) {
+		if (len < 0) {
 			syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
 					addr.nl_pid, errno, strerror(errno));
 			close(fd);
 			return -1;
 		}
 
+		if (addr.nl_pid) {
+			syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+					addr.nl_pid);
+			continue;
+		}
+
 		incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
 		incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
 		hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
-- 
cgit v1.2.3


From d892de8d3fb1e807de561289cfb1fed42950440a Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 9 Nov 2012 15:01:20 +0100
Subject: tools/hv: Fix string types

Initial patch by Ben Hutchings <ben@decadent.org.uk>

Standard C strings are arrays of char, not __u8 (unsigned char).
Declare variables and parameters accordingly, and add the necessary
casts.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
Acked-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 tools/hv/hv_kvp_daemon.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'tools')

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index c1d910243d4..d25a46925e6 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -299,7 +299,7 @@ static int kvp_file_init(void)
 	return 0;
 }
 
-static int kvp_key_delete(int pool, __u8 *key, int key_size)
+static int kvp_key_delete(int pool, const char *key, int key_size)
 {
 	int i;
 	int j, k;
@@ -342,7 +342,7 @@ static int kvp_key_delete(int pool, __u8 *key, int key_size)
 	return 1;
 }
 
-static int kvp_key_add_or_modify(int pool, __u8 *key, int key_size, __u8 *value,
+static int kvp_key_add_or_modify(int pool, const char *key, int key_size, const char *value,
 			int value_size)
 {
 	int i;
@@ -396,7 +396,7 @@ static int kvp_key_add_or_modify(int pool, __u8 *key, int key_size, __u8 *value,
 	return 0;
 }
 
-static int kvp_get_value(int pool, __u8 *key, int key_size, __u8 *value,
+static int kvp_get_value(int pool, const char *key, int key_size, char *value,
 			int value_size)
 {
 	int i;
@@ -428,8 +428,8 @@ static int kvp_get_value(int pool, __u8 *key, int key_size, __u8 *value,
 	return 1;
 }
 
-static int kvp_pool_enumerate(int pool, int index, __u8 *key, int key_size,
-				__u8 *value, int value_size)
+static int kvp_pool_enumerate(int pool, int index, char *key, int key_size,
+				char *value, int value_size)
 {
 	struct kvp_record *record;
 
-- 
cgit v1.2.3