In certain cases, when a client doesn't have enough permissions, the
errno variable is not set in xenstored_core.c before its value is
reported back. As a result, the client can learn about the errno of
the last failed request to xenstored (which could have come from
another client). (An unintended information channel! :-)
From: Magnus Carlsson <magnus@galois.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
/* If we don't have permission, we don't have node. */
if (node) {
if ((perm_for_conn(conn, node->perms, node->num_perms) & perm)
- != perm)
+ != perm) {
+ errno = EACCES;
node = NULL;
+ }
}
/* Clean up errno if they weren't supposed to know. */
if (!node)
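Review bot: The new `errno = EACCES;` in the permission-failure branch only covers one of the two ways `node` can be NULL when the `if (!node)` cleanup below runs. If `node` was already NULL before `if (node) {`, the cleanup still depends on whatever produced that NULL having set errno for this request; if that path can also return without setting it, the same stale value from another client's failed request would be reported. Please confirm the lookup always sets errno on failure, or assign a defined value before the `if (!node)` block. It would also help to add a short comment above `errno = EACCES;` saying that the assignment exists so a stale errno is never reported to the client, since the line otherwise looks redundant next to the "Clean up errno" step and could be dropped in a later cleanup.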