[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[XEN PATCH] libxl: Check return value of libxl__xs_directory in name2bdf

  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Date: Mon, 11 Jul 2022 11:38:47 +0100
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, G.R. <firemeteor@xxxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
  • Delivery-date: Mon, 11 Jul 2022 10:39:30 +0000
  • Ironport-data: A9a23:+y3AtqKm47VJzC2NFE+RqZUlxSXFcZb7ZxGr2PjKsXjdYENS1DAPm zBKUD2CPP/fY2H0fIx1atm+/RgE6pfQn4QyGQRlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokf0/0vrav67xZVF/fngqoDUUYYoAQgsA14+IMsdoUg7wbRh3dcx2YHR7z6l4 rseneWOYDdJ5BYsWo4kw/rrRMRH5amaVJsw5zTSVNgT1LPsvyB94KE3fMldG0DQUIhMdtNWc s6YpF2PEsE1yD92Yj+tuu6TnkTn2dc+NyDW4pZdc/DKbhSvOkXee0v0XRYRQR4/ttmHozx+4 Md8h8CtTDwUApCWyMdHTgVVCztAEqITrdcrIVDn2SCS50jPcn+qyPRyFkAme4Yf/46bA0kXq 6ZecmpUKEne2aTmm9pXScE17ignBMDtIIMYvGAm1TzDBOwqaZvCX7/L9ZlT2zJYasVmQquCN ppDNWsHgBLobwNfOmgcJrgHtcj1vlOvSRBH9X/Fqv9ii4TU5FMoi+W8WDbPQfSVQe1Fk0Deo XjJl0z7DQsdL8e30iee/zSngeqntTP2XsceGaO18tZugUaP3SoDBRsOT1y5rPKlzEmkVLp3J U0O9y8jsaU17mS2VdTnRFujp2OetRMSXMBfHqs85R3l90bPy1/HXC5eFGcHMYF48p9tLdA36 rOXt8HYN2BytYaodU/HppTOsC+/ITIrAmBXMEfoUjA5D8nfTJAb10ySEY07SvPs17UZChmrn WnU8XFWa6E7yJdSiv7lpQ2vbyeE/MChc+Ij2unAsotJBCtdbZXtWYGn4EOzAR1ofNfAFQnpU JTpdqGjAAEy4XKlznXlrB0lRu3B2hp/DBXSgER0A74q/Cm39niocOh4uW8jexs2Yp9bJW6zP Cc/XD+9A7cKZhOXgVJfOdrtW6zGM4C6fTgaahwkRoUXOcUgHON21CpveVSRzwjQraTYqolmY c3zWZ/1VR4yUP07pBLrFrx1+eJ6mUgDKZb7GMmT5w65yoCXeHP9Ye5DaDNimMhitPPayOgUm v4CX/a3J+J3CbyhPHiOrtdNRb3IRFBiba3LRwVsXrbrCmJb9KsJUZc9HZtJl1RZoplo
  • Ironport-hdrordr: A9a23:QTEt3KDD5hhQgt3lHemm55DYdb4zR+YMi2TC1yhKJiC9Ffbo8v xG/c5rsiMc5wxxZJhNo7290cq7MBHhHPxOgbX5VI3KNGKNhILBFvAH0WKI+VPd8kPFmtK1rZ 0QEJRDNA==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
libxl__xs_directory() can potentially return NULL without setting `n`.
As `n` isn't initialised, we need to check libxl__xs_directory()
return value before checking `n`. Otherwise, `n` might be non-zero
with `bdfs` NULL which would lead to a segv.

Reported-by: "G.R." <firemeteor@xxxxxxxxxxxxxxxxxxxxx>
Fixes: 57bff091f4 ("libxl: add 'name' field to 'libxl_device_pci' in the 
IDL...")
Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
---

Hi G.R., you've reported a segv in name2bdf(), and that the only
potential segv I've found. I hope it's the same one as you've
experienced!
---
 tools/libs/light/libxl_pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c
index 96f88795b6..f4c4f17545 100644
--- a/tools/libs/light/libxl_pci.c
+++ b/tools/libs/light/libxl_pci.c
@@ -859,7 +859,7 @@ static int name2bdf(libxl__gc *gc, libxl_device_pci *pci)
     int rc = ERROR_NOTFOUND;
 
     bdfs = libxl__xs_directory(gc, XBT_NULL, PCI_INFO_PATH, &n);
-    if (!n)
+    if (!bdfs || !n)
         goto out;
 
     for (i = 0; i < n; i++) {
-- 
Anthony PERARD

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.