[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen stable-4.16] tools/xenstored: Harden corrupt()
commit 81ee3d08351be1ef2a14d371993604098d6a4673 Author: Julien Grall <jgrall@xxxxxxxxxx> AuthorDate: Tue Jul 12 11:12:13 2022 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Jul 12 11:12:13 2022 +0200 tools/xenstored: Harden corrupt() At the moment, corrupt() is neither checking for allocation failure nor freeing the allocated memory. Harden the code by printing ENOMEM if the allocation failed and free 'str' after the last use. This is not considered to be a security issue because corrupt() should only be called when Xenstored thinks the database is corrupted. Note that the trigger (i.e. a guest reliably provoking the call) would be a security issue. Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to recover from store") Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx> Reviewed-by: Juergen Gross <jgross@xxxxxxxx> master commit: db3382dd4f468c763512d6bf91c96773395058fb master date: 2022-06-23 13:44:10 +0100 --- tools/xenstore/xenstored_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 91d093a12e..0c8ee276f8 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -2087,7 +2087,10 @@ void corrupt(struct connection *conn, const char *fmt, ...) va_end(arglist); log("corruption detected by connection %i: err %s: %s", - conn ? (int)conn->id : -1, strerror(saved_errno), str); + conn ? (int)conn->id : -1, strerror(saved_errno), + str ?: "ENOMEM"); + + talloc_free(str); check_store(); } -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.16
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |