projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bf07039) | patch
tools/xenstore: drop watch event messages exceeding maximum size
authorJuergen Gross <jgross@suse.com>
Tue, 15 Dec 2020 12:36:42 +0000 (13:36 +0100)
committerJan Beulich <jbeulich@suse.com>
Tue, 15 Dec 2020 12:36:42 +0000 (13:36 +0100)
commit5a3f7a05a3680a52d52053fa0a3ce9afea5b8c81
tree9ec952f80c0a7ff7a7c4921c0b88f3e6e3996957tree | snapshot
parentbf0703992c62d89e30a9051c363055387257f24fcommit | diff
tools/xenstore: drop watch event messages exceeding maximum size

By setting a watch with a very large tag it is possible to trick
xenstored to send watch event messages exceeding the maximum allowed
payload size. This might in turn lead to a crash of xenstored as the
resulting error can cause dereferencing a NULL pointer in case there
is no active request being handled by the guest the watch event is
being sent to.

Fix that by just dropping such watch events. Additionally modify the
error handling to test the pointer to be not NULL before dereferencing
it.

This is XSA-324.

Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Julien Grall <jgrall@amazon.com>
tools/xenstore/xenstored_core.c diff | blob | history
tools/xenstore/xenstored_watch.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.