projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 074b32e) | patch
tools/xenstore: don't let remove_child_entry() call corrupt()
authorJuergen Gross <jgross@suse.com>
Tue, 13 Sep 2022 05:35:11 +0000 (07:35 +0200)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 1 Nov 2022 14:07:24 +0000 (14:07 +0000)
commit32ff913afed898e6aef61626a58dc0bf5c6309ef
tree9111a0937585146eee668ee78f85db3a5468bfbetree | snapshot
parent074b32e47174a30bb751f2e2c07628eb56117eb8commit | diff
tools/xenstore: don't let remove_child_entry() call corrupt()

In case of write_node() returning an error, remove_child_entry() will
call corrupt() today. This could result in an endless recursion, as
remove_child_entry() is called by corrupt(), too:

corrupt()
  check_store()
    check_store_()
      remove_child_entry()

Fix that by letting remove_child_entry() return an error instead and
let the caller decide what to do.

This is part of XSA-418 / CVE-2022-42321.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
(cherry picked from commit 0c00c51f3bc8206c7f9cf87d014650157bee2bf4)
tools/xenstore/xenstored_core.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.