From nobody Mon Feb 9 01:17:18 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1610751185; cv=none; d=zohomail.com; s=zohoarc; b=F5bjtk2QhCVioqnOW1vC/qWxbG77HO+Qg0CvH0C38aXuy0Q6jq5/5g+INnGr2fbXanO5VELicAiVeo9g762a1mj/6Z9FZ6cVuMvVzysdW2iYxAPdfIF9A2GYwdiUpnoZtjJZKNmug2tY80xyZUsLoyDFhwxbS4HXni7X04Ps29Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1610751185; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=jz6RsZXgsbmjXRMnaCdV8Bqcv1SJLJcO5v9mmXb2Wa0=; b=iAXnDvxK2W8HkE5Np2742sBW+GvZmsCUsQBelciOKdB92WGvGld0DIJ2fZ7rCM9jVoVoqNINisuTzGOhdmhYqwYxTr0GLwl6+uc0Pq08cbddFUJZydQLC41ZZsQTlARjCgLWgUzuGHN+elvL2KiPz6zTncfjcPQ9wqZ9vRqrf/A= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1610751185464608.03708881058; Fri, 15 Jan 2021 14:53:05 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.68729.123152 (Exim 4.92) (envelope-from ) id 1l0XxX-0001tJ-VK; Fri, 15 Jan 2021 22:52:47 +0000 Received: by outflank-mailman (output) from mailman id 68729.123152; Fri, 15 Jan 2021 22:52:47 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l0XxX-0001t9-QF; Fri, 15 Jan 2021 22:52:47 +0000 Received: by outflank-mailman (input) for mailman id 68729; Fri, 15 Jan 2021 22:52:46 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l0XxW-0001jt-JH for xen-devel@lists.xenproject.org; Fri, 15 Jan 2021 22:52:46 +0000 Received: from esa2.hc3370-68.iphmx.com (unknown [216.71.145.153]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id cbd5bad1-0521-4255-9081-413b880163cd; Fri, 15 Jan 2021 22:52:42 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: cbd5bad1-0521-4255-9081-413b880163cd DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1610751162; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=m+mU/BwTks6nFEMCGPDEd+poI05u50+/Dta57xu6Hio=; b=SC4hW2RcpZDzQqkzPPKAm28RhWaIbKiZ0MFXq7bV6FmaK6dtBmcUDwq7 w7ZYFs5neA3Ds1JX0ViPQyHdQ0EQA9HgbDBnhqVf5SPhz20sybMfjIJOZ 6fBv18UnFHhkqNG4zBaKG8qh1YcS2CqwGkebxTIt4EEd6wl1Y7JvM3Jp5 Q=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: +/LaM1m+rcM5Pq74ZGY60/XWuFJNnjkfXHsM05xZlzUgtwMAilYZZNon8dyE9gIa6mse3zQ1m4 OgskTagfrfHONx+iCP+6tBsPPbCvTEo7E2Qo1PNSJXX7DdpK7K2wJ5JLDvqnZrk9ncvSOqE5hV kU4HUUVCwYUGXEeW1ckW+zzD2rXMv6eOgk3eMxFDnsHoNhrU35JBjrctwRWiH6wQ7moClydpx1 KSNkEg0iuiQU0jtwde1QYUZ8GqJWGvVyi3GnqXadR9SUrLjUHDIcZTzA1tiv57YvPM85beVs0H OTo= X-SBRS: 5.1 X-MesageID: 35263553 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.79,350,1602561600"; d="scan'208";a="35263553" From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= To: CC: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= , "Christian Lindig" , David Scott , "Ian Jackson" , Wei Liu Subject: [PATCH v1 3/4] tools/ocaml/xenstored: reject invalid watch paths early Date: Fri, 15 Jan 2021 22:29:08 +0000 Message-ID: <2fc657a7d7af881f2c0ee437ddaec668452419fe.1610748224.git.edvin.torok@citrix.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) Watches on invalid paths were accepted, but they would never trigger. The client also got no notification that its watch is bad and would never trigger. Found again by the structured fuzzer, due to an error on live update reload: the invalid watch paths would get rejected during live update and the list of watches would be different pre/post live update. This was found by an older version of the fuzzer: ``` Test live-update failed (507 shrink steps): [NEW; (0, None, WATCH ([""; ""], "")); (0, None, CONTROL live-update ())] ``` The testcase is watch on `//`, which is an invalid path. Signed-off-by: Edwin T=C3=B6r=C3=B6k --- tools/ocaml/xenstored/connection.ml | 5 ++--- tools/ocaml/xenstored/connections.ml | 4 +++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/tools/ocaml/xenstored/connection.ml b/tools/ocaml/xenstored/co= nnection.ml index 1f9fe9e3b2..c7f22e5ee9 100644 --- a/tools/ocaml/xenstored/connection.ml +++ b/tools/ocaml/xenstored/connection.ml @@ -163,18 +163,17 @@ let get_children_watches con path =3D let is_dom0 con =3D Perms.Connection.is_dom0 (get_perm con) =20 -let add_watch con path token =3D +let add_watch con (path, apath) token =3D if !Quota.activate && !Define.maxwatch > 0 && not (is_dom0 con) && con.nb_watches > !Define.maxwatch then raise Quota.Limit_reached; - let apath =3D get_watch_path con path in let l =3D get_watches con apath in if List.exists (fun w -> w.token =3D token) l then raise Define.Already_exist; let watch =3D watch_create ~con ~token ~path in Hashtbl.replace con.watches apath (watch :: l); con.nb_watches <- con.nb_watches + 1; - apath, watch + watch =20 let del_watch con path token =3D let apath =3D get_watch_path con path in diff --git a/tools/ocaml/xenstored/connections.ml b/tools/ocaml/xenstored/c= onnections.ml index 8a66eeec3a..3c7429fe7f 100644 --- a/tools/ocaml/xenstored/connections.ml +++ b/tools/ocaml/xenstored/connections.ml @@ -114,8 +114,10 @@ let key_of_path path =3D "" :: Store.Path.to_string_list path =20 let add_watch cons con path token =3D - let apath, watch =3D Connection.add_watch con path token in + let apath =3D Connection.get_watch_path con path in + (* fail on invalid paths early by calling key_of_str before adding watch = *) let key =3D key_of_str apath in + let watch =3D Connection.add_watch con (path, apath) token in let watches =3D if Trie.mem cons.watches key then Trie.find cons.watches key --=20 2.29.2