[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging] tools/xenstored: Avoid unnecessary talloc_strdup() in do_control_lu()

commit 2fc7939e26d223b2a8ce37204ea479d013444b7f
Author:     Julien Grall <jgrall@xxxxxxxxxx>
AuthorDate: Thu Feb 25 15:15:23 2021 +0000
Commit:     Julien Grall <jgrall@xxxxxxxxxx>
CommitDate: Fri Feb 26 09:45:41 2021 +0000

    tools/xenstored: Avoid unnecessary talloc_strdup() in do_control_lu()
    At the moment, the return of talloc_strdup() is not checked. This means
    we may dereference a NULL pointer if the allocation failed.
    However, it is pointless to allocate the memory as send_reply() will
    copy the data to a different buffer. So drop the use of talloc_strdup().
    This bug was discovered and resolved using Coverity Static Analysis
    Security Testing (SAST) by Synopsys, Inc.
    Fixes: fecab256d474 ("tools/xenstore: add basic live-update command 
    Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
    Release-Acked-by: Ian Jackson <iwj@xxxxxxxxxxxxxx>
 tools/xenstore/xenstored_control.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tools/xenstore/xenstored_control.c 
index f10beaf85e..e8a501acdb 100644
--- a/tools/xenstore/xenstored_control.c
+++ b/tools/xenstore/xenstored_control.c
@@ -691,7 +691,6 @@ static const char *lu_start(const void *ctx, struct 
connection *conn,
 static int do_control_lu(void *ctx, struct connection *conn,
                         char **vec, int num)
-       const char *resp;
        const char *ret = NULL;
        unsigned int i;
        bool force = false;
@@ -734,8 +733,7 @@ static int do_control_lu(void *ctx, struct connection *conn,
        if (!ret)
                ret = "OK";
-       resp = talloc_strdup(ctx, ret);
-       send_reply(conn, XS_CONTROL, resp, strlen(resp) + 1);
+       send_reply(conn, XS_CONTROL, ret, strlen(ret) + 1);
        return 0;
generated by git-patchbot for /home/xen/git/xen.git#staging



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.