tools/xenstored: Harden corrupt()

At the moment, corrupt() is neither checking for allocation failure
nor freeing the allocated memory.

Harden the code by printing ENOMEM if the allocation failed and
free 'str' after the last use.

This is not considered to be a security issue because corrupt() should
only be called when Xenstored thinks the database is corrupted. Note
that the trigger (i.e. a guest reliably provoking the call) would be
a security issue.

Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to recover from store")
Signed-off-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Juergen Gross <jgross@suse.com>

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index fa733e714e9a3911819aa0734d54f6fcde17f2b0..8867f93431d481fc55f6ac02dcc8c90a79cfbfdd 100644 (file)
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -2065,7 +2065,10 @@ void corrupt(struct connection *conn, const char *fmt, ...)
        va_end(arglist);
 
        log("corruption detected by connection %i: err %s: %s",
-           conn ? (int)conn->id : -1, strerror(saved_errno), str);
+           conn ? (int)conn->id : -1, strerror(saved_errno),
+           str ?: "ENOMEM");
+
+       talloc_free(str);
 
        check_store();
 }