projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 49ed711) | patch
tools/xenstore: drop watch event messages exceeding maximum size
authorJuergen Gross <jgross@suse.com>
Tue, 15 Dec 2020 13:08:21 +0000 (14:08 +0100)
committerJan Beulich <jbeulich@suse.com>
Tue, 15 Dec 2020 13:08:21 +0000 (14:08 +0100)
commit7214cc7457a2862984039e96f21a5e03bfd16c50
tree7c6158814de58941b973d613895f283baf510d8btree | snapshot
parent49ed711a956e8bd0c634e1c030d4734eadad673bcommit | diff
tools/xenstore: drop watch event messages exceeding maximum size

By setting a watch with a very large tag it is possible to trick
xenstored to send watch event messages exceeding the maximum allowed
payload size. This might in turn lead to a crash of xenstored as the
resulting error can cause dereferencing a NULL pointer in case there
is no active request being handled by the guest the watch event is
being sent to.

Fix that by just dropping such watch events. Additionally modify the
error handling to test the pointer to be not NULL before dereferencing
it.

This is XSA-324.

Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Julien Grall <jgrall@amazon.com>
tools/xenstore/xenstored_core.c diff | blob | history
tools/xenstore/xenstored_watch.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.