From: kaf24@localhost.localdomain <kaf24@localhost.localdomain>
Date: Sat, 11 Nov 2006 01:23:11 +0000 (+0000)
Subject: [XENSTORED] Fix errno 'leak' in xenstored.
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~15551^2~18
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=22ed12a0f3266df4714057f9bdf2dfc9577bf80e;p=xen.git

[XENSTORED] Fix errno 'leak' in xenstored.

In certain cases, when a client doesn't have enough permissions, the
errno variable is not set in xenstored_core.c before its value is
reported back.  As a result, the client can learn about the errno of
the last failed request to xenstored (which could have come from
another client).  (An unintended information channel! :-)

From: Magnus Carlsson <magnus@galois.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
---

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index 890f852d73..3f304b0e41 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -575,8 +575,10 @@ struct node *get_node(struct connection *conn,
 	/* If we don't have permission, we don't have node. */
 	if (node) {
 		if ((perm_for_conn(conn, node->perms, node->num_perms) & perm)
-		    != perm)
+		    != perm) {
+			errno = EACCES;
 			node = NULL;
+		}
 	}
 	/* Clean up errno if they weren't supposed to know. */
 	if (!node)