[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.13] tools/oxenstored: Reject invalid watch paths early
commit 00cf603e6a798943f034babb8ece7764d185c232 Author: Edwin Török <edvin.torok@xxxxxxxxxx> AuthorDate: Fri Jan 15 19:28:37 2021 +0000 Commit: Ian Jackson <iwj@xxxxxxxxxxxxxx> CommitDate: Fri Mar 19 13:44:13 2021 +0000 tools/oxenstored: Reject invalid watch paths early Watches on invalid paths were accepted, but they would never trigger. The client also got no notification that its watch is bad and would never trigger. Found again by the structured fuzzer, due to an error on live update reload: the invalid watch paths would get rejected during live update and the list of watches would be different pre/post live update. The testcase is watch on `//`, which is an invalid path. Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx> Acked-by: Christian Lindig <christian.lindig@xxxxxxxxxx> Release-Acked-by: Ian Jackson <iwj@xxxxxxxxxxxxxx> (cherry picked from commit dc8caf214fb882546b0e93317b9828247a7c9da8) --- tools/ocaml/xenstored/connection.ml | 5 ++--- tools/ocaml/xenstored/connections.ml | 4 +++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/ocaml/xenstored/connection.ml b/tools/ocaml/xenstored/connection.ml index 850539e43a..daf8d804f7 100644 --- a/tools/ocaml/xenstored/connection.ml +++ b/tools/ocaml/xenstored/connection.ml @@ -158,18 +158,17 @@ let get_children_watches con path = let is_dom0 con = Perms.Connection.is_dom0 (get_perm con) -let add_watch con path token = +let add_watch con (path, apath) token = if !Quota.activate && !Define.maxwatch > 0 && not (is_dom0 con) && con.nb_watches > !Define.maxwatch then raise Quota.Limit_reached; - let apath = get_watch_path con path in let l = get_watches con apath in if List.exists (fun w -> w.token = token) l then raise Define.Already_exist; let watch = watch_create ~con ~token ~path in Hashtbl.replace con.watches apath (watch :: l); con.nb_watches <- con.nb_watches + 1; - apath, watch + watch let del_watch con path token = let apath = get_watch_path con path in diff --git a/tools/ocaml/xenstored/connections.ml b/tools/ocaml/xenstored/connections.ml index 1a70d412d5..7efdf3e5e0 100644 --- a/tools/ocaml/xenstored/connections.ml +++ b/tools/ocaml/xenstored/connections.ml @@ -114,8 +114,10 @@ let key_of_path path = "" :: Store.Path.to_string_list path let add_watch cons con path token = - let apath, watch = Connection.add_watch con path token in + let apath = Connection.get_watch_path con path in + (* fail on invalid paths early by calling key_of_str before adding watch *) let key = key_of_str apath in + let watch = Connection.add_watch con (path, apath) token in let watches = if Trie.mem cons.watches key then Trie.find cons.watches key -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.13
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |