Xen project Mailing List

[PATCH for-4.17 v3 14/15] tools/ocaml/xenstored/syslog_stubs.c: avoid potential NULL dereference

From: Edwin Török <edvin.torok@xxxxxxxxxx>

Date: Tue, 8 Nov 2022 15:34:06 +0000

Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Henry Wang <Henry.Wang@xxxxxxx>, Edwin Török <edvin.torok@xxxxxxxxxx>, Christian Lindig <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>

Delivery-date: Tue, 08 Nov 2022 15:39:51 +0000

Ironport-data: A9a23:jPjP+630aAVB3id3FPbD5d9xkn2cJEfYwER7XKvMYLTBsI5bp2AHx zEbXDuHOPzeamf9ftwnaoq0oxgGuZfRx9Q2TQs/pC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefTAOK5ULSfUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS9nuDgNyo4GlC5wVmNagR1LPjvyJ94Kw3dPnZw0TQGuG4LsbiL 87fwbew+H/u/htFIrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRrukoPD9IOaF8/ttm8t4sZJ OOhF3CHYVxB0qXkwIzxWvTDes10FfUuFLTveRBTvSEPpqFvnrSFL/hGVSkL0YMkFulfK0VU5 943LhQ2bVOMqP6s/46dW+YyiZF2RCXrFNt3VnBIyDjYCbAtQIzZQrWM7thdtNsyrpkQR7CEP ZNfMGcxKkSbC/FMEg5/5JYWkeu2h3+5bzpCr1G9rqsr+WnDigd21dABNfKFJI3RGJ4Ezi50o ErAp1/AHxsqL+am9iap6GmLv/bGuRL0Ddd6+LqQqacx3Qz7KnYoIAISfUu2p7++kEHWc8JSL QkY9zQjqYA29Ve3VZ/tUhugunmGsxUAHd1KHIUSyAyL0LuS3A+fCUANVDsHY9sj3Oc6TCIn/ kWElNToAXpoqrL9dJ6G3u7K93XoY3FTdDJcI39fJecY3zX9iKsXlADtYdBHK632gfLpAw7M5 SGF8idr0t3/kvU3/6m8+FnGhRelqZ7IUhM5623rY4610u9qTNX7PtL1sDA3+d4Fdd/EFQfZ4 BDojuDEtIgz4YexeDthqQnnNJWg/L67PTLVmjaD9LFxpm32qxZPkW29iQySxXuF0O5eJ1cFg 2eJ42u9AaO/21P7BZKbm6rrV6wXIVHITLwIlpn8N7KimKRZeg6d5z1JbkWNxW3rm0VEufhhZ 8jLLZj1VS5AV/QPIN+KqwA1iOFD+8zD7TmLGcCTI+qPjdJym0J5uZ9aaQDTP4jVHYuPoRnP8 sY3Cid540w3bQA/CwGJmbMuwacidClmWsqt8JQHL4Zu4GNOQQkcNhMY+pt5E6QNokifvrygE q2VMqOA9GfCuA==

Ironport-hdrordr: A9a23:r3pXR6C4zmoqEFXlHemU55DYdb4zR+YMi2TC1yhKJyC9Ffbo7v xG/c5rsyMc5wxwZJhNo7y90ey7MBbhHP1OkO4s1NWZLWrbUQKTRekIh+bfKn/baknDH4ZmpN 9dmsNFaeEYY2IUsS+D2njbL+od

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

If we are out of memory then strdup may return NULL, and passing NULL to syslog may cause a crash. Avoid this by using `caml_stat_strdup` which will raise an OCaml out of memory exception instead. This then needs to be paired with caml_stat_free. Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx> --- Reason for inclusion in 4.17: - fixes a bug in out of memory situations Changes since v2: - new in v3 --- tools/ocaml/xenstored/syslog_stubs.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tools/ocaml/xenstored/syslog_stubs.c b/tools/ocaml/xenstored/syslog_stubs.c index 4e5e49b557..4ad85c8eb5 100644 --- a/tools/ocaml/xenstored/syslog_stubs.c +++ b/tools/ocaml/xenstored/syslog_stubs.c @@ -14,6 +14,7 @@ #include <syslog.h> #include <string.h> +#include <caml/fail.h> #include <caml/mlvalues.h> #include <caml/memory.h> #include <caml/alloc.h> @@ -35,14 +36,16 @@ static int __syslog_facility_table[] = { value stub_syslog(value facility, value level, value msg) { CAMLparam3(facility, level, msg); - const char *c_msg = strdup(String_val(msg)); + char *c_msg = strdup(String_val(msg)); int c_facility = __syslog_facility_table[Int_val(facility)] | __syslog_level_table[Int_val(level)]; + if ( !c_msg ) + caml_raise_out_of_memory(); caml_enter_blocking_section(); syslog(c_facility, "%s", c_msg); caml_leave_blocking_section(); - free((void*)c_msg); + free(c_msg); CAMLreturn(Val_unit); } -- 2.34.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.