From: Juergen Gross
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross, Wei Liu, Julien Grall, Anthony PERARD
Subject: [PATCH] tools/xenstore: fix get_spec_node()
Date: Thu, 20 Jul 2023 17:08:53 +0200
Message-Id: <20230720150853.31368-1-jgross@suse.com>

In case get_spec_node() is being called for a special node starting with '@' it won't set *canonical_name. This can result in a crash of xenstored due to dereferencing the uninitialized name in fire_watches().

This is no security issue as it requires either a privileged caller or ownership of the special node in question by an unprivileged caller (which is questionable, as this would make the owner privileged in some way).

Fixes: d6bb63924fc2 ("tools/xenstore: introduce dummy nodes for special watch paths")
Signed-off-by: Juergen Gross
--- tools/xenstore/xenstored_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_cor= e.c index a1d3047e48..790c403904 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c 
@@ -1252,8 +1252,11 @@ static struct node *get_spec_node(struct connection = *conn, const void *ctx, const char *name, char **canonical_name, unsigned int perm) { - if (name[0] =3D=3D '@') + if (name[0] =3D=3D '@') { + if (canonical_name) + *canonical_name =3D (char *)name; return get_node(conn, ctx, name, perm); + } =20 return get_node_canonicalized(conn, ctx, name, canonical_name, perm); } --=20 2.35.3
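Review bot: the cast in "*canonical_name = (char *)name;" in the new '@' branch drops the const qualifier from the "const char *name" parameter and hands the caller a writable alias of its own input string, with nothing in the hunk documenting that. A short comment on get_spec_node() should state that for special nodes *canonical_name points at name itself, so it must not be modified or freed and is only valid as long as name is. Alternatively, declaring the out-parameter as const char ** (or returning a copy owned by ctx) would let the compiler enforce it. Note also that *canonical_name is now assigned before get_node() is known to have succeeded, so callers still have to check the returned node rather than treat a set name as success.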