
[xen master] tools/xenstore: fix get_spec_node()



commit cef523b4a7ca34ba6cfd368d41b180fd640801bc
Author:     Juergen Gross <jgross@xxxxxxxx>
AuthorDate: Thu Jul 27 09:48:58 2023 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Jul 27 09:48:58 2023 +0200

    tools/xenstore: fix get_spec_node()
    
    In case get_spec_node() is being called for a special node starting
    with '@' it won't set *canonical_name. This can result in a crash of
    xenstored due to dereferencing the uninitialized name in
    fire_watches().
    
    This is no security issue as it requires either a privileged caller or
    ownership of the special node in question by an unprivileged caller
    (which is questionable, as this would make the owner privileged in some
    way).
    
    Fixes: d6bb63924fc2 ("tools/xenstore: introduce dummy nodes for special watch paths")
    Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
    Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
---
 tools/xenstore/xenstored_core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index 6d27b2dd7f..9f1328a31f 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -1253,8 +1253,11 @@ static struct node *get_spec_node(struct connection 
*conn, const void *ctx,
                                  const char *name, const char **canonical_name,
                                  unsigned int perm)
 {
-       if (name[0] == '@')
+       if (name[0] == '@') {
+               if (canonical_name)
+                       *canonical_name = name;
                return get_node(conn, ctx, name, perm);
+       }
 
        return get_node_canonicalized(conn, ctx, name, canonical_name, perm);
 }
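
Review bot: in the new '@' branch, *canonical_name is assigned the caller's name pointer directly, so the output aliases the input argument instead of being a separately owned string, and nothing in these lines documents that. A one-line comment above the assignment saying that special node names are already canonical and that the pointer is borrowed from name would make the contract clear for callers that keep the canonical name around. Since the commit message traces the crash to an uninitialized name reaching fire_watches(), it may also be worth having the callers initialise their canonical name variable to NULL, so that any future path that skips this assignment fails deterministically rather than on stack garbage.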
--
generated by git-patchbot for /home/xen/git/xen.git#master



 

