From: Julien Grall
To: xen-devel@lists.xenproject.org
Cc: julien@xen.org, Julien Grall, Wei Liu, Juergen Gross, Anthony PERARD
Subject: [PATCH] tools/xenstored: Harden corrupt()
Date: Thu, 23 Jun 2022 12:24:07 +0100
Message-Id: <20220623112407.13604-1-julien@xen.org>

From: Julien Grall

At the moment, corrupt() is neither checking for allocation failure nor freeing the allocated memory.

Harden the code by printing ENOMEM if the allocation failed and free 'str' after the last use.

This is not considered to be a security issue because corrupt() should only be called when Xenstored thinks the database is corrupted. Note that the trigger (i.e. a guest reliably provoking the call) would be a security issue.

Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to recover from store")
Signed-off-by: Julien Grall
Reviewed-by: Juergen Gross
--- tools/xenstore/xenstored_core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_cor= e.c index fa733e714e9a..b6279bdfe229 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -2065,7 +2065,11 @@ void corrupt(struct connection *conn, const char *fm= t, ...) va_end(arglist); =20 log("corruption detected by connection %i: err %s: %s", - conn ? (int)conn->id : -1, strerror(saved_errno), str); + conn ? (int)conn->id : -1, strerror(saved_errno), + str ? str : "ENOMEM"); + + if (str) + talloc_free(str); =20 check_store(); } --=20 2.32.0
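
Review bot: In the log() call, the fallback string "ENOMEM" lands in the final `%s` slot, directly after `err %s`, which already prints strerror(saved_errno). On allocation failure the log line therefore shows two error-looking fields, and the second is not the errno that was saved. A fallback that says what actually happened, for example `str ? str : "(failed to allocate message)"`, would be harder to misread during triage. Separately, check_store() still runs on the path where the allocation has just failed, so it is worth confirming in the commit message or a comment that this is intended under memory pressure.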