From nobody Fri May 3 19:09:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1614274949; cv=none; d=zohomail.com; s=zohoarc; b=gq6bUee+dU6ax9eiTXl2dA0lW8pXZ2TzOT9wbf9X3EdeRKmbgkGRCfaqrGSI8c5pU9UFv+3MudL6gDw4vaPdpiV6rlaUDOErKT91/t/KGVED/SdDDb6WiINpeFRvKhQhEyyZrlDKakTX0Zm+UDn7aawh4P/2TwkY9U+fNB257z8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614274949; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=AsXl1Pz/JngLBcmlXDlPm3M/+CU4TVWFsS8Ry3xt94k=; b=SWtIZK0ymBATu1h33W1+uXWwBNMIkwzs07IyN6IOBqp23kO+ZgtsNUCDLH54OL5Y5UDx1Hltwg8w68aj3VukfE1hTz+tPb1kSQUneBdClVInwLumZO/MKtyTEMa37Aa0XvYvsj5yd1JE9qQs/jCjlWoXhy13lOFH+82Jzb/MSDA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1614274949613195.88176513891278; Thu, 25 Feb 2021 09:42:29 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.89891.169791 (Exim 4.92) (envelope-from ) id 1lFKeV-00069y-H5; Thu, 25 Feb 2021 17:42:15 +0000 Received: by outflank-mailman (output) from mailman id 89891.169791; Thu, 25 Feb 2021 17:42:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeV-00069p-Ck; Thu, 25 Feb 2021 17:42:15 +0000 Received: by outflank-mailman (input) for mailman id 89891; Thu, 25 Feb 2021 17:42:14 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeU-000690-CY for xen-devel@lists.xenproject.org; Thu, 25 Feb 2021 17:42:14 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeT-0005qk-EC; Thu, 25 Feb 2021 17:42:13 +0000 Received: from 54-240-197-235.amazon.com ([54.240.197.235] helo=ufe34d9ed68d054.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lFKeT-00032g-3I; Thu, 25 Feb 2021 17:42:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=AsXl1Pz/JngLBcmlXDlPm3M/+CU4TVWFsS8Ry3xt94k=; b=qIWgFwpRYq59HKUUqTUo+Gbls +bPbBxsbcwnQaXp8Y88/l2MGQ+hjpYH0x3IFMNPsdVzhXnYboqliZC3qdrXnPvuvHwjD6wC6eGYsC VLfHHzToFtXLrgGUHI7eIWU+DoPmXWl4EjxCu1s1eZXOS0HHvw7JvTG82PRo+YSgOtsBU=; From: Julien Grall To: xen-devel@lists.xenproject.org Cc: raphning@amazon.co.uk, iwj@xenproject.org, Julien Grall , Wei Liu , Juergen Gross Subject: [PATCH for-4.15 1/5] tools/xenstored: Avoid unnecessary talloc_strdup() in do_control_lu() Date: Thu, 25 Feb 2021 17:41:27 +0000 Message-Id: <20210225174131.10115-2-julien@xen.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210225174131.10115-1-julien@xen.org> References: <20210225174131.10115-1-julien@xen.org> X-ZohoMail-DKIM: pass (identity @xen.org) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Julien Grall At the moment, the return of talloc_strdup() is not checked. This means we may dereference a NULL pointer if the allocation failed. However, it is pointless to allocate the memory as send_reply() will copy the data to a different buffer. So drop the use of talloc_strdup(). This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Fixes: fecab256d474 ("tools/xenstore: add basic live-update command parsing= ") Signed-off-by: Julien Grall Reviewed-by: Juergen Gross --- tools/xenstore/xenstored_control.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/xenstore/xenstored_control.c b/tools/xenstore/xenstored_= control.c index f10beaf85eb4..e8a501acdb62 100644 --- a/tools/xenstore/xenstored_control.c +++ b/tools/xenstore/xenstored_control.c @@ -691,7 +691,6 @@ static const char *lu_start(const void *ctx, struct con= nection *conn, static int do_control_lu(void *ctx, struct connection *conn, char **vec, int num) { - const char *resp; const char *ret =3D NULL; unsigned int i; bool force =3D false; @@ -734,8 +733,7 @@ static int do_control_lu(void *ctx, struct connection *= conn, =20 if (!ret) ret =3D "OK"; - resp =3D talloc_strdup(ctx, ret); - send_reply(conn, XS_CONTROL, resp, strlen(resp) + 1); + send_reply(conn, XS_CONTROL, ret, strlen(ret) + 1); return 0; } #endif --=20 2.17.1 From nobody Fri May 3 19:09:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1614274950; cv=none; d=zohomail.com; s=zohoarc; b=a1L38hZPEvy8hRJ7iOG4/FTZ8k4zn5pYcUMnhmf4ZRyVRzn3gzniklYV0u0V69Zg91Fn7MYP985dbUrvJOpMOZqEvLevvf3ysEL4i0vL3kbDgCq6a+t3kA9foyXV+2MUQS5RTfIrRiN/mTDlAEpPkmgV8tQi/SFH8GZM8bbGRJo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614274950; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=JuTt5+fVqpN12bzr+SQUOtZ9U/AniX5wCdCX0Q2WLao=; b=kFNUo4mTF85se+ekimvIg9vDjEbkII7ZKE6TL4tdZOOGyfc8dzsEQbehu09nPi0fk2Xru63R1Mqfe9XAxh1z6QECN+AnXBDzCfh/+6BL+YW1eKwoCg98h5FGyDU7PUtwMjsr1O/bj2CusJpox6R57nDSfeH3vxQ+KqpBh9XDQwA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1614274950738464.6006196223166; Thu, 25 Feb 2021 09:42:30 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.89892.169803 (Exim 4.92) (envelope-from ) id 1lFKeW-0006C6-Ps; Thu, 25 Feb 2021 17:42:16 +0000 Received: by outflank-mailman (output) from mailman id 89892.169803; Thu, 25 Feb 2021 17:42:16 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeW-0006By-LB; Thu, 25 Feb 2021 17:42:16 +0000 Received: by outflank-mailman (input) for mailman id 89892; Thu, 25 Feb 2021 17:42:15 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeV-0006A2-F1 for xen-devel@lists.xenproject.org; Thu, 25 Feb 2021 17:42:15 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeU-0005qs-Fw; Thu, 25 Feb 2021 17:42:14 +0000 Received: from 54-240-197-235.amazon.com ([54.240.197.235] helo=ufe34d9ed68d054.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lFKeU-00032g-7E; Thu, 25 Feb 2021 17:42:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=JuTt5+fVqpN12bzr+SQUOtZ9U/AniX5wCdCX0Q2WLao=; b=5i5uy41NOnXHp39CeUAjMnJZn Jvu+LoaUW7sd/DbtG/GNjoJ1frUp/JDVUQlRXaPw328ObUdirePteN4lkVfScrXb3vgH5ys6nglEN kSG18A/Lwbx+m4L4u7aikIeWRoTxrC5zcrBBL7Mo8C53CVi76QpxC5nlhHEXnptLGPIek=; From: Julien Grall To: xen-devel@lists.xenproject.org Cc: raphning@amazon.co.uk, iwj@xenproject.org, Julien Grall , Wei Liu , Juergen Gross Subject: [PATCH for-4.15 2/5] tools/xenstored: Avoid unnecessary talloc_strdup() in do_lu_start() Date: Thu, 25 Feb 2021 17:41:28 +0000 Message-Id: <20210225174131.10115-3-julien@xen.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210225174131.10115-1-julien@xen.org> References: <20210225174131.10115-1-julien@xen.org> X-ZohoMail-DKIM: pass (identity @xen.org) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Julien Grall At the moment, the return of talloc_strdup() is not checked. This means we may dereference a NULL pointer if the allocation failed. However, it is pointless to allocate the memory as send_reply() will copy the data to a different buffer. So drop the use of talloc_strdup(). This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Fixes: af216a99fb4a ("tools/xenstore: add the basic framework for doing the= live update") Signed-off-by: Julien Grall Reviewed-by: Juergen Gross --- tools/xenstore/xenstored_control.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/xenstore/xenstored_control.c b/tools/xenstore/xenstored_= control.c index e8a501acdb62..8eb57827765c 100644 --- a/tools/xenstore/xenstored_control.c +++ b/tools/xenstore/xenstored_control.c @@ -638,7 +638,6 @@ static bool do_lu_start(struct delayed_request *req) { time_t now =3D time(NULL); const char *ret; - char *resp; =20 if (!lu_check_lu_allowed()) { if (now < lu_status->started_at + lu_status->timeout) @@ -660,8 +659,7 @@ static bool do_lu_start(struct delayed_request *req) out: talloc_free(lu_status); =20 - resp =3D talloc_strdup(req->in, ret); - send_reply(lu_status->conn, XS_CONTROL, resp, strlen(resp) + 1); + send_reply(lu_status->conn, XS_CONTROL, ret, strlen(ret) + 1); =20 return true; } --=20 2.17.1 From nobody Fri May 3 19:09:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1614274950; cv=none; d=zohomail.com; s=zohoarc; b=DfmOP6DtmIgCDaPWjtzepdNl1bUn4QccG/l8vlxAvjXQ7mXXHt7B8owIEahJujKjsyVY1cDI6LflIw9GffkzHZ5nRL8jGljz5yeVG5WABfomSxFo8YZQs/wv+q/ygPzSmbLBt71/MMRDQBg6QRDRPaghJZfoIgYokEsMQxu3ZO0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614274950; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=Ouy6xY5aZ/aq/+pbqmrj55EhVefIirlCz92nwNMOsZA=; b=eberi0SbakmM2bhFrdHA1Qe6NuTCo5HdwnCUkbnEC3GdV7fc4JmCkfWv47rpMol/A1kvDt0lkeVKAz6PzQAbhG6F7KceGkZD53veBYJeg9voNs685/anbSsJs54czMSwHuezrhzdWhPB9GE93Vr6dh36o7wsizzUO7/Emom4lPQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1614274950955606.4926022185484; Thu, 25 Feb 2021 09:42:30 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.89893.169808 (Exim 4.92) (envelope-from ) id 1lFKeX-0006Cz-4Q; Thu, 25 Feb 2021 17:42:17 +0000 Received: by outflank-mailman (output) from mailman id 89893.169808; Thu, 25 Feb 2021 17:42:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeW-0006CT-UQ; Thu, 25 Feb 2021 17:42:16 +0000 Received: by outflank-mailman (input) for mailman id 89893; Thu, 25 Feb 2021 17:42:16 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeW-0006Bm-Aw for xen-devel@lists.xenproject.org; Thu, 25 Feb 2021 17:42:16 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeV-0005qz-Js; Thu, 25 Feb 2021 17:42:15 +0000 Received: from 54-240-197-235.amazon.com ([54.240.197.235] helo=ufe34d9ed68d054.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lFKeV-00032g-B9; Thu, 25 Feb 2021 17:42:15 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=Ouy6xY5aZ/aq/+pbqmrj55EhVefIirlCz92nwNMOsZA=; b=x+8bIRwILAv/nmOo1cc9xwPdm 7qBOBZtcexmHlyNMvcxQsWnqcX9OqY/8HPnwk3AP1njlyD940IhnTQ7kfbGv7Sao2Ml4OJVzbK5Zt Uqi/WT+drUEonBHHtA1VUbCaEwWvKrEv2Iz5qTmpa6DZRSt17NnvoUaHxWuZF++9BLGnE=; From: Julien Grall To: xen-devel@lists.xenproject.org Cc: raphning@amazon.co.uk, iwj@xenproject.org, Julien Grall , Wei Liu , Juergen Gross Subject: [PATCH for-4.15 3/5] tools/xenstored: control: Store the save filename in lu_dump_state Date: Thu, 25 Feb 2021 17:41:29 +0000 Message-Id: <20210225174131.10115-4-julien@xen.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210225174131.10115-1-julien@xen.org> References: <20210225174131.10115-1-julien@xen.org> X-ZohoMail-DKIM: pass (identity @xen.org) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Julien Grall The function lu_close_dump_state() will use talloc_asprintf() without checking whether the allocation succeeded. In the unlikely case we are out of memory, we would dereference a NULL pointer. As we already computed the filename in lu_get_dump_state(), we can store the name in the lu_dump_state. This is avoiding to deal with memory file in the close path and also reduce the risk to use the different filename. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Fixes: c0dc6a3e7c41 ("tools/xenstore: read internal state when doing live u= pgrade") Signed-off-by: Julien Grall Reviewed-by: Juergen Gross --- tools/xenstore/xenstored_control.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tools/xenstore/xenstored_control.c b/tools/xenstore/xenstored_= control.c index 8eb57827765c..653890f2d9e0 100644 --- a/tools/xenstore/xenstored_control.c +++ b/tools/xenstore/xenstored_control.c @@ -16,6 +16,7 @@ Interactive commands for Xen Store Daemon. along with this program; If not, see . */ =20 +#include #include #include #include @@ -74,6 +75,7 @@ struct lu_dump_state { unsigned int size; #ifndef __MINIOS__ int fd; + char *filename; #endif }; =20 @@ -399,17 +401,16 @@ static void lu_dump_close(FILE *fp) =20 static void lu_get_dump_state(struct lu_dump_state *state) { - char *filename; struct stat statbuf; =20 state->size =3D 0; =20 - filename =3D talloc_asprintf(NULL, "%s/state_dump", xs_daemon_rootdir()); - if (!filename) + state->filename =3D talloc_asprintf(NULL, "%s/state_dump", + xs_daemon_rootdir()); + if (!state->filename) barf("Allocation failure"); =20 - state->fd =3D open(filename, O_RDONLY); - talloc_free(filename); + state->fd =3D open(state->filename, O_RDONLY); if (state->fd < 0) return; if (fstat(state->fd, &statbuf) !=3D 0) @@ -431,14 +432,13 @@ static void lu_get_dump_state(struct lu_dump_state *s= tate) =20 static void lu_close_dump_state(struct lu_dump_state *state) { - char *filename; + assert(state->filename !=3D NULL); =20 munmap(state->buf, state->size); close(state->fd); =20 - filename =3D talloc_asprintf(NULL, "%s/state_dump", xs_daemon_rootdir()); - unlink(filename); - talloc_free(filename); + unlink(state->filename); + talloc_free(state->filename); } =20 static char *lu_exec(const void *ctx, int argc, char **argv) --=20 2.17.1 From nobody Fri May 3 19:09:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1614274952; cv=none; d=zohomail.com; s=zohoarc; b=OGoY/tVylu9cULkAK+Jb9sXWYCgovFqS29wfQZ8X96gB3/c6KE+4K/SreK5mYceH5crs+I+DYZloRZhY2PF3wSvXPJiHMjwm/Un8Ae3tfStsY/Bv2bSK68rZWGpTJGYgq0M0etXSD5F5xitihr7MXGc4QDYk8OWmR9abEfEPqxk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614274952; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=MOM7smBMP9BCXNrEE1hf8/uoWjibhwZ1Ud0ejevMQus=; b=kjPLU2nMrTlN2FqvqPcvQn2ci1cZ1HiAsrnOJWES+cgQ+Ezr4OmwtfRdD9VhoCTUsVYihEdkBOm+S+gwWqHL9Rs4bd0E/CxBbK1u3cAPe7/xYBcNhVpDwyMjt8rCqJG71u3KTWQUjls4dZ/ESo0MS4WA8Gjzfo/CqAq9vS7asho= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1614274952898169.20057857975416; Thu, 25 Feb 2021 09:42:32 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.89894.169827 (Exim 4.92) (envelope-from ) id 1lFKeZ-0006H4-Dy; Thu, 25 Feb 2021 17:42:19 +0000 Received: by outflank-mailman (output) from mailman id 89894.169827; Thu, 25 Feb 2021 17:42:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeZ-0006Gu-9z; Thu, 25 Feb 2021 17:42:19 +0000 Received: by outflank-mailman (input) for mailman id 89894; Thu, 25 Feb 2021 17:42:17 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeX-0006Eh-Lv for xen-devel@lists.xenproject.org; Thu, 25 Feb 2021 17:42:17 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeW-0005r7-OD; Thu, 25 Feb 2021 17:42:16 +0000 Received: from 54-240-197-235.amazon.com ([54.240.197.235] helo=ufe34d9ed68d054.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lFKeW-00032g-FC; Thu, 25 Feb 2021 17:42:16 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=MOM7smBMP9BCXNrEE1hf8/uoWjibhwZ1Ud0ejevMQus=; b=KDNoJwOGHmFC6HUQafwmQtJ5i XDPpKCkfQVLho8V22Sg9WziAsyJSl7e3NsLAAAI97Z9jSnBWKKbhSdFJtPCRolByzOk9IccxFbe6Y xWgZ1G5RrcXTIjyNJck3YtCec6T2w7Ic4ndI9qwc9hFeUyCZ4rEhh5Mh/rT3ewGZeu1xY=; From: Julien Grall To: xen-devel@lists.xenproject.org Cc: raphning@amazon.co.uk, iwj@xenproject.org, Julien Grall , Wei Liu , Juergen Gross Subject: [PATCH for-4.15 4/5] tools/xenstore-control: Don't leak buf in live_update_start() Date: Thu, 25 Feb 2021 17:41:30 +0000 Message-Id: <20210225174131.10115-5-julien@xen.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210225174131.10115-1-julien@xen.org> References: <20210225174131.10115-1-julien@xen.org> X-ZohoMail-DKIM: pass (identity @xen.org) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Julien Grall All the error paths but one will free buf. Cover the remaining path so buf can't be leaked. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Fixes: 7f97193e6aa8 ("tools/xenstore: add live update command to xenstore-c= ontrol") Signed-off-by: Julien Grall Reviewed-by: Juergen Gross --- tools/xenstore/xenstore_control.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/xenstore/xenstore_control.c b/tools/xenstore/xenstore_co= ntrol.c index f6f4626c0656..548363ee7094 100644 --- a/tools/xenstore/xenstore_control.c +++ b/tools/xenstore/xenstore_control.c @@ -44,8 +44,10 @@ static int live_update_start(struct xs_handle *xsh, bool= force, unsigned int to) return 1; =20 ret =3D strdup("BUSY"); - if (!ret) + if (!ret) { + free(buf); return 1; + } =20 for (time_start =3D time(NULL); time(NULL) - time_start < to;) { free(ret); --=20 2.17.1 From nobody Fri May 3 19:09:01 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1614274953; cv=none; d=zohomail.com; s=zohoarc; b=LW8I9hFd88bqeHKBdDnHg2gWuPWiBcYUdiSyDvb9NWn3nz9TQpxDxrDqtVQvHVlQS87j/sE2cq61gABu6ZTTwwYrCpkpjNVvK6b13JNR0dT/O8F/519gELZmQ5wU/GG19s3AWWrLEhjxKtvTYcUhp2CAwun6Hh+nX5AvFjgol80= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614274953; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=53L5vgadSleOIYD3/pBTYYZNiwh9to3K/XeeeFHyx60=; b=AFKY0vG8rg78CA7YDXgwkVLA0GeNp1XP984FkznfKeUdjP96z6KDmSCMvE11NamCQYmq93+F5W4g7LZ84ZE+bfmVX5M9mjWeR9QTbCrZiGMVevH+16EcD+J398WTcgcVYQhHQ4fYkkDPMXx3fFh6ssmWqBOMGqHztdT0dv8kprM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1614274953157887.5498427312464; Thu, 25 Feb 2021 09:42:33 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.89895.169833 (Exim 4.92) (envelope-from ) id 1lFKeZ-0006I4-UR; Thu, 25 Feb 2021 17:42:19 +0000 Received: by outflank-mailman (output) from mailman id 89895.169833; Thu, 25 Feb 2021 17:42:19 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeZ-0006Hf-LW; Thu, 25 Feb 2021 17:42:19 +0000 Received: by outflank-mailman (input) for mailman id 89895; Thu, 25 Feb 2021 17:42:18 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeY-0006GB-GZ for xen-devel@lists.xenproject.org; Thu, 25 Feb 2021 17:42:18 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lFKeX-0005rD-RK; Thu, 25 Feb 2021 17:42:17 +0000 Received: from 54-240-197-235.amazon.com ([54.240.197.235] helo=ufe34d9ed68d054.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lFKeX-00032g-J5; Thu, 25 Feb 2021 17:42:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=53L5vgadSleOIYD3/pBTYYZNiwh9to3K/XeeeFHyx60=; b=Ozt6BqekBvI7kK5lApoC1yTg4 +nbNKSPUsqRE18z9JlEmv01Q1xT3nZpyirFappNNH2i+mRlYe8QEInE1uKqg7sYADkZYOogd/a+8I d3NmCXx3WlX5wX2NVF5GemdLgFRwagXNx+5Qq9IO+3Zmts1TXwuTn8uFbMgmdx3+Ot4+w=; From: Julien Grall To: xen-devel@lists.xenproject.org Cc: raphning@amazon.co.uk, iwj@xenproject.org, Julien Grall , Wei Liu , Juergen Gross Subject: [PATCH for-4.15 5/5] tools/xenstored: Silence coverity when using xs_state_* structures Date: Thu, 25 Feb 2021 17:41:31 +0000 Message-Id: <20210225174131.10115-6-julien@xen.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210225174131.10115-1-julien@xen.org> References: <20210225174131.10115-1-julien@xen.org> X-ZohoMail-DKIM: pass (identity @xen.org) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Julien Grall Coverity will report unitialized values for every use of xs_state_* structures in the save part. This can be prevented by using the [0] rather than [] to define variable length array. Coverity-ID: 1472398 Coverity-ID: 1472397 Coverity-ID: 1472396 Coverity-ID: 1472395 Signed-off-by: Julien Grall --- From my understanding, the tools and the hypervisor already rely on GNU extensions. So the change should be fine. If not, we can use the same approach as XEN_FLEX_ARRAY_DIM. --- tools/xenstore/include/xenstore_state.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/xenstore/include/xenstore_state.h b/tools/xenstore/inclu= de/xenstore_state.h index ae0d053c8ffc..407d9e920c0f 100644 --- a/tools/xenstore/include/xenstore_state.h +++ b/tools/xenstore/include/xenstore_state.h @@ -86,7 +86,7 @@ struct xs_state_connection { uint16_t data_in_len; /* Number of unprocessed bytes read from conn= . */ uint16_t data_resp_len; /* Size of partial response pending for conn.= */ uint32_t data_out_len; /* Number of bytes not yet written to conn. */ - uint8_t data[]; /* Pending data (read, written) + 0-7 pad byt= es. */ + uint8_t data[0]; /* Pending data (read, written) + 0-7 pad by= tes. */ }; =20 /* Watch: */ @@ -94,7 +94,7 @@ struct xs_state_watch { uint32_t conn_id; /* Connection this watch is associated with. */ uint16_t path_length; /* Number of bytes of path watched (incl. 0). = */ uint16_t token_length; /* Number of bytes of watch token (incl. 0). */ - uint8_t data[]; /* Path bytes, token bytes, 0-7 pad bytes. */ + uint8_t data[0]; /* Path bytes, token bytes, 0-7 pad bytes. */ }; =20 /* Transaction: */ @@ -125,7 +125,7 @@ struct xs_state_node { #define XS_STATE_NODE_TA_WRITTEN 0x0002 uint16_t perm_n; /* Number of permissions (0 in TA: node delete= d). */ /* Permissions (first is owner, has full access). */ - struct xs_state_node_perm perms[]; + struct xs_state_node_perm perms[0]; /* Path and data follows, plus 0-7 pad bytes. */ }; #endif /* XENSTORE_STATE_H */ --=20 2.17.1