[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-4.17 v3 14/15] tools/ocaml/xenstored/syslog_stubs.c: avoid potential NULL dereference

  • To: Julien Grall <julien@xxxxxxx>
  • From: Edwin Torok <edvin.torok@xxxxxxxxxx>
  • Date: Tue, 8 Nov 2022 17:03:16 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4lI8yLzbzBtd5q3LdiqCldbuthJ0tZu3BbFa2WJb5NA=; b=c9Rx8MlCPYBvsivXp8wyJ5HiyLozMyHr4qV9t1Tah4tIlZycezLPbggi14Tq/YiqqD2S38rOpAEaO9hpTPIA9nf7rHCqgzbdePPhs1NKGy+bpge/lLflmp98yKAISsxU97Gq3OhBrTippBvAvamOeg65p+MXWF6GUMPaZ4+vaO5VoNhUqqGcZWbT3qdtaa1GE4fDKRwINcaFEKEhIYNr/9Vj/8qewTxfAhP4O6Ek64KhyB96l0k4em950vHB/J4NxsmYc7e5tKfKPuzehgj6mYNRJhgl6wFvjPlB9qHAEUW88+op2n6PplsMJkTORWJrhcywaHvDY62MQv6GATugNA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dIfQvIy52shSpMKjBbay1BXTkZxkZVVdPBJerj9LS8zxugkLFzAzZi77nS6rQLxZACvLK2oprdgRty0liW2kdiuPApx7ugoNhcHxauOkSCJGwEY0bFiiyzbgpDgUC5PoHgWxUyVroWK8hMvr2iAEL+CRLEOsIqIkCUU227xEJAVb0iBIQGkNyjlFl7fqI3VP5ZAnFLtgAcz0VtW/zcTIGJlwLUARt+qz5+oe80AMAGVsX62DQGjVq73gIkV9D35bEsx4nPohZWnE10UfCFqn2YMDg9J79yMrlfbVEYxL9HytiXYdQNqztmKFRSXTBjdesQ9yn5rBLPeQW6YI8CVTAQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>, Christian Lindig <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Tue, 08 Nov 2022 17:03:32 +0000
  • Ironport-data: A9a23:djOnfK/BqeT1QrJZoDH0DrUDQH+TJUtcMsCJ2f8bNWPcYEJGY0x3m 2cbWDqBO/mDZDajKIx+O4njpElVuZTTzNAwS1A9rC48E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKucYHsZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ire7kIx1BjOkGlA5AZnPKgb5AW2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDkkJy eAlBzooTiuMgtrmy/GeT9FFq+caeZyD0IM34hmMzBn/JNN/G9XmfP+P4tVVmjAtmspJAPDSI dIDbiZiZwjBZBsJPUoLDJU5n6GjgXyXnz9w8QrJ4/ZopTaNilAsuFTuGIO9ltiiSMlLn0Deu mXc+GfRCRAGLt2PjzGC9xpAg8efwXujBd5NT9VU8NY1hmSdzzxULicHC3eqjuuDpUO8VNBQf hl8Fi0G6PJaGFaQZtvgWxy1plaUsxhaXMBfe8Uq5QfIxqfK7gKxAmkfUiUHeNEgrNUxRzEhy hmOhdyBLRxitqeED02U8Li8pCm3fyMSKAcqaSYaQCMf7tLkoYV1iQjAJv58FIalg9uzHiv/q w1mtwA7jrQXyMsUjaOy+Amdhyr2/sSUCAko+g/QQ2SpqBtjY5KobJCp7l6d6utcKIGeTR+Ku 31sd9Wi0d3ixKqlzESlKNjh1pnwjxpZGFUwWWJSIqQ=
  • Ironport-hdrordr: A9a23:ba/cLqspn1JVU9MYL7gVnt4Q7skC1YMji2hC6mlwRA09TyXGra 2TdaUgvyMc1gx7ZJh5o6H6BEGBKUmslqKceeEqTPqftXrdyRGVxeZZnMffKlzbamfDH4tmuZ uIHJIOb+EYYWIasS++2njBLz9C+qjJzEnLv5a5854Fd2gDBM9dBkVCe3+m+yZNNWt77O8CZf 6hD7181l+dkBosDviTNz0gZazuttfLnJXpbVotHBg88jSDijuu9frTDwWY9g12aUIP/Z4StU z+1yDp7KSqtP+2jjXG0XXI0phQkNz9jvNeGc23jNQPIDmEsHfpWG0hYczAgNkGmpDr1L8Yqq iJn/7mBbU115rlRBD2nfIq4Xin7N9h0Q669bbSuwqfnSWwfkNHNyMGv/MWTvKR0TtfgPhslK 1MxG6XrJxREFfJmzn8/cHBU1VwmlOzumdKq59bs5TOObFuF4O5gLZvi3+9Kq1wah7S+cQiCq 1jHcvc7PFZfReTaG3YpHBmxJipUm4oFhmLT0AesojNugIm10xR3g8d3ogSj30A/JUyR91N4P nFKL1hkPVLQtUNZaxwCe8dSY+8C3DLQxjLLGWOSG6XXJ0vKjbIsdr68b817OaldNgBy4Yzgo 3IVBdCuWs7ayvVeLmzNV1wg2XwqUmGLEfQI5tllulEU5XHNcrWGDzGTkwymM29pPhaCtHHWp +ISeBrP8M=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHY84hVR008RTfgG0S7ZZaDJ+Tj1641MUyAgAAPkoA=
  • Thread-topic: [PATCH for-4.17 v3 14/15] tools/ocaml/xenstored/syslog_stubs.c: avoid potential NULL dereference

> On 8 Nov 2022, at 16:07, Julien Grall <julien@xxxxxxx> wrote:
> 
> 
> 
> On 08/11/2022 15:34, Edwin Török wrote:
>> If we are out of memory then strdup may return NULL, and passing NULL to
>> syslog may cause a crash.
>> Avoid this by using `caml_stat_strdup` which will raise an OCaml out of
>> memory exception instead.
>> This then needs to be paired with caml_stat_free.
>> Signed-off-by: Edwin Török <edvin.torok@xxxxxxxxxx>
>> ---
>> Reason for inclusion in 4.17:
>> - fixes a bug in out of memory situations
>> Changes since v2:
>> - new in v3
>> ---
>>  tools/ocaml/xenstored/syslog_stubs.c | 7 +++++--
>>  1 file changed, 5 insertions(+), 2 deletions(-)
>> diff --git a/tools/ocaml/xenstored/syslog_stubs.c 
>> b/tools/ocaml/xenstored/syslog_stubs.c
>> index 4e5e49b557..4ad85c8eb5 100644
>> --- a/tools/ocaml/xenstored/syslog_stubs.c
>> +++ b/tools/ocaml/xenstored/syslog_stubs.c
>> @@ -14,6 +14,7 @@
>>    #include <syslog.h>
>>  #include <string.h>
>> +#include <caml/fail.h>
>>  #include <caml/mlvalues.h>
>>  #include <caml/memory.h>
>>  #include <caml/alloc.h>
>> @@ -35,14 +36,16 @@ static int __syslog_facility_table[] = {
>>  value stub_syslog(value facility, value level, value msg)
>>  {
>>      CAMLparam3(facility, level, msg);
>> -    const char *c_msg = strdup(String_val(msg));
>> +    char *c_msg = strdup(String_val(msg));
> 
> This change seems to be unrelated with the goal of the commit. IMHO, this 
> should be done in a separate patch.
> 
> The minimum would be to mention in the commit message.

That is to avoid freeing 'const char*' (there is a typecast below).
I'll mention it.

> 
> Cheers,
> 
> -- 
> Julien Grall

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.