
[xen staging] tools/xenstored: Harden corrupt()



commit db3382dd4f468c763512d6bf91c96773395058fb
Author:     Julien Grall <jgrall@xxxxxxxxxx>
AuthorDate: Thu Jun 23 13:43:23 2022 +0100
Commit:     Julien Grall <jgrall@xxxxxxxxxx>
CommitDate: Thu Jun 23 13:44:10 2022 +0100

    tools/xenstored: Harden corrupt()
    
    At the moment, corrupt() is neither checking for allocation failure
    nor freeing the allocated memory.
    
    Harden the code by printing ENOMEM if the allocation failed and
    free 'str' after the last use.
    
    This is not considered to be a security issue because corrupt() should
    only be called when Xenstored thinks the database is corrupted. Note
    that the trigger (i.e. a guest reliably provoking the call) would be
    a security issue.
    
    Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to recover from store")
    Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
---
 tools/xenstore/xenstored_core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index fa733e714e..8867f93431 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -2065,7 +2065,10 @@ void corrupt(struct connection *conn, const char *fmt, 
...)
        va_end(arglist);
 
        log("corruption detected by connection %i: err %s: %s",
-           conn ? (int)conn->id : -1, strerror(saved_errno), str);
+           conn ? (int)conn->id : -1, strerror(saved_errno),
+           str ?: "ENOMEM");
+
+       talloc_free(str);
 
        check_store();
 }
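Review bot: the fallback text in the log() call is ambiguous, because "ENOMEM" is printed in the message slot directly after strerror(saved_errno), so a log line for a failed allocation reads as if ENOMEM were part of the corruption message or a second errno. Something explicit such as "(failed to allocate message)" would make clear to whoever reads the log that the original message was lost. Two smaller points on the same lines: 'str ?: "ENOMEM"' depends on the GNU omitted-middle-operand extension, so it is worth confirming that matches the file's existing style, and talloc_free(str) now also runs on the path where str is NULL, which deserves a one-line comment saying that is intended.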
--
generated by git-patchbot for /home/xen/git/xen.git#staging



 

