tools/xenstore: fix checking node permissions

Today chk_domain_generation() is being used to check whether a node
permission entry is still valid or whether it is referring to a domain
that no longer exists. This is done by comparing the node's and the
domain's generation count.

In case no struct domain exists for a checked domain, but the
domain itself is valid, chk_domain_generation() assumes it is being
called due to the first node created for a new domain and it will
return success.

This might be wrong in case the checked permission is related to an
old domain, which has just been replaced with a new domain using the
same domid.

Fix that by letting chk_domain_generation() fail in case a struct
domain isn't found. In order to cover the case of the first node for
a new domain, try to allocate the needed struct domain explicitly when
processing the related SET_PERMS command. In case a referenced domain
doesn't exist, flag the related permission to be ignored right away.

This is XSA-417 / CVE-2022-42320.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Julien Grall <jgrall@amazon.com>
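
A simplified C model of the check described in this commit message, added here as an illustration and not taken from the xenstored sources. Only `chk_domain_generation()` and "struct domain" are named on the page; the `_old`/`_new` suffixes, `hv_alive`, `perm_ignored_on_set()` and the comparison direction (a permission is valid when the domain's generation is not newer than the node's) are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Model of the daemon's per-domain record (assumed layout). */
struct domain { unsigned int domid; uint64_t generation; bool in_use; };

#define MAX_DOMS 4
#define MAX_DOMID 16
static struct domain doms[MAX_DOMS]; /* records the daemon currently holds */
static bool hv_alive[MAX_DOMID];     /* constructed stand-in for "domid is valid" */

static struct domain *find_domain_struct(unsigned int domid)
{
    for (size_t i = 0; i < MAX_DOMS; i++)
        if (doms[i].in_use && doms[i].domid == domid)
            return &doms[i];
    return NULL;
}

/* Before the fix: no record but a live domid is taken to mean
 * "first node of a new domain", so the permission entry is accepted. */
static bool chk_domain_generation_old(unsigned int domid, uint64_t node_gen)
{
    struct domain *d = find_domain_struct(domid);
    if (d)
        return d->generation <= node_gen;
    return domid < MAX_DOMID && hv_alive[domid];
}

/* After the fix: without a record there is nothing to compare against. */
static bool chk_domain_generation_new(unsigned int domid, uint64_t node_gen)
{
    struct domain *d = find_domain_struct(domid);
    return d != NULL && d->generation <= node_gen;
}

/* SET_PERMS side of the fix (hypothetical helper): create the record up
 * front for a live domid; returns true when the entry must be ignored. */
static bool perm_ignored_on_set(unsigned int domid, uint64_t cur_gen)
{
    if (find_domain_struct(domid))
        return false;
    if (domid >= MAX_DOMID || !hv_alive[domid])
        return true;                 /* referenced domain does not exist */
    for (size_t i = 0; i < MAX_DOMS; i++)
        if (!doms[i].in_use) {
            doms[i] = (struct domain){ domid, cur_gen, true };
            return false;
        }
    return true;                     /* model only: record table is full */
}
```

In the reused-domid case (live domid 5, no record yet, node written at generation 10) the old check accepts the stale entry and the new one rejects it; after `perm_ignored_on_set(5, 20)` creates the record, only nodes at generation 20 or later match.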