From: vhanquez@kneesa.uk.xensource.com <vhanquez@kneesa.uk.xensource.com>
Date: Thu, 11 May 2006 14:51:56 +0000 (+0100)
Subject: dom0 and anonymous connections can create unlimited sized entries in the store.
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~16047^2~83
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=7e8cc1fb7f2b24c6c7724c231f72219f8034041a;p=xen.git

dom0 and anonymous connections can create unlimited sized entries in the store.

Signed-off-by: Vincent Hanquez <vincent@xensource.com>
---

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index 2dcf9cf591..5c08934cdb 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -461,7 +461,7 @@ static bool write_node(struct connection *conn, const struct node *node)
 		+ node->num_perms*sizeof(node->perms[0])
 		+ node->datalen + node->childlen;
 
-	if (data.dsize >= quota_max_entry_size)
+	if (domain_is_unprivileged(conn) && data.dsize >= quota_max_entry_size)
 		goto error;
 
 	data.dptr = talloc_size(node, data.dsize);
diff --git a/tools/xenstore/xenstored_domain.c b/tools/xenstore/xenstored_domain.c
index 0de6f99c17..fa45e5dbde 100644
--- a/tools/xenstore/xenstored_domain.c
+++ b/tools/xenstore/xenstored_domain.c
@@ -250,6 +250,11 @@ bool domain_can_read(struct connection *conn)
 	return (intf->req_cons != intf->req_prod);
 }
 
+bool domain_is_unprivileged(struct connection *conn)
+{
+	return (conn && conn->domain && conn->domain->domid != 0);
+}
+
 bool domain_can_write(struct connection *conn)
 {
 	struct xenstore_domain_interface *intf = conn->domain->interface;
@@ -587,7 +592,7 @@ void domain_entry_dec(struct connection *conn)
 
 int domain_entry(struct connection *conn)
 {
-	return (conn && conn->domain && conn->domain->domid)
+	return (domain_is_unprivileged(conn))
 		? conn->domain->nbentry
 		: 0;
 }
@@ -609,7 +614,7 @@ void domain_watch_dec(struct connection *conn)
 
 int domain_watch(struct connection *conn)
 {
-	return (conn && conn->domain && conn->domain->domid)
+	return (domain_is_unprivileged(conn))
 		? conn->domain->nbwatch
 		: 0;
 }
diff --git a/tools/xenstore/xenstored_domain.h b/tools/xenstore/xenstored_domain.h
index e350746639..38f26b52de 100644
--- a/tools/xenstore/xenstored_domain.h
+++ b/tools/xenstore/xenstored_domain.h
@@ -47,6 +47,8 @@ void restore_existing_connections(void);
 bool domain_can_read(struct connection *conn);
 bool domain_can_write(struct connection *conn);
 
+bool domain_is_unprivileged(struct connection *conn);
+
 /* Quota manipulation */
 void domain_entry_inc(struct connection *conn);
 void domain_entry_dec(struct connection *conn);