Xen project Mailing List

Re: [PATCH v3 2/2] tools/xenstore: fix get_spec_node()

From: Juergen Gross <jgross@xxxxxxxx>

Date: Thu, 3 Aug 2023 12:21:36 +0200

Cc: Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Julien Grall <jgrall@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 03 Aug 2023 10:21:46 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 03.08.23 11:53, Jan Beulich wrote:

On 27.07.2023 09:55, Juergen Gross wrote:

On 27.07.23 09:53, Jan Beulich wrote:

On 24.07.2023 12:33, Juergen Gross wrote:

In case get_spec_node() is being called for a special node starting
with '@' it won't set *canonical_name. This can result in a crash of
xenstored due to dereferencing the uninitialized name in
fire_watches().

This is no security issue as it requires either a privileged caller or
ownership of the special node in question by an unprivileged caller
(which is questionable, as this would make the owner privileged in some
way).

Fixes: d6bb63924fc2 ("tools/xenstore: introduce dummy nodes for special watch 
paths")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>


I've committed the two patches, and I've queued this one for backporting.


Thanks.

Can at least one of you please confirm that the earlier patch is not
intended to be backported, and that instead a cast will need adding in
the backport of the one here?


Yes, that was the plan.


Hmm, looks like the offending patch exists only on the master branch.

Oh, indeed. It seemed to be so long ago that I changed this ... Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.