From: Norbert Manthey <nmanthey@amazon.de>
Date: Fri, 26 Feb 2021 14:41:44 +0000 (+0100)
Subject: tools/xenstore: Harden xs_domain_is_introduced()
X-Git-Tag: archive/raspbian/4.16.0+51-g0941d6cb-1+rpi1~2^2~42^2~839
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=243036df0d55673de59c214e240b9b914d278b65;p=xen.git

tools/xenstore: Harden xs_domain_is_introduced()

The function single_with_domid() may return NULL if something
went wrong (e.g. XenStored returns an error or the connection is
in bad state).

They are unlikely but not impossible, so it would be better to
return an error and allow the caller to handle it gracefully rather
than crashing.

In this case we should treat it as the domain has disappeared (i.e.
return false) as the caller will not likely going to be able to
communicate with XenStored again.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Signed-off-by: Norbert Manthey <nmanthey@amazon.de>
Reviewed-by: Julien Grall <jgrall@amazon.co.uk>
Reviewed-by: Raphael Ning <raphning@amazon.co.uk>
Reviewed-by: Juergen Gross <jgross@suse.com>
Release-Acked-by: Ian Jackson <iwj@xenproject.org>
---

diff --git a/tools/libs/store/xs.c b/tools/libs/store/xs.c
index b6ecbd787e..c91377c27f 100644
--- a/tools/libs/store/xs.c
+++ b/tools/libs/store/xs.c
@@ -1180,7 +1180,12 @@ bool xs_path_is_subpath(const char *parent, const char *child)
 bool xs_is_domain_introduced(struct xs_handle *h, unsigned int domid)
 {
 	char *domain = single_with_domid(h, XS_IS_DOMAIN_INTRODUCED, domid);
-	int rc = strcmp("F", domain);
+	bool rc = false;
+
+	if (!domain)
+		return rc;
+
+	rc = strcmp("F", domain) != 0;
 
 	free(domain);
 	return rc;