WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH]: fix crash in various tools by permitting xs_*()

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH]: fix crash in various tools by permitting xs_*() with NULL path
From: Gianni Tedesco <gianni.tedesco@xxxxxxxxxx>
Date: Tue, 20 Jul 2010 18:16:38 +0100
Cc: Xen Devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Delivery-date: Tue, 20 Jul 2010 10:21:44 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <19525.52837.149559.660268@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <1279641356.1723.1940.camel@xxxxxxxxxxxxxxxxxxxxxx> <19525.52837.149559.660268@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Tue, 2010-07-20 at 17:27 +0100, Ian Jackson wrote:
> Gianni Tedesco writes ("[Xen-devel] [PATCH]: fix crash in various tools by 
> permitting xs_*() with NULL path"):
> > Many tools generate xenstore paths and then perform operations on those
> > paths without checking for NULL.
> 
> Do they ?  Those tools are buggy.
> 
> > While strictly this may be considered a bug in the tools it makes sense
> > to consider making these no-ops as a convenience measure.
> 
> I think this is fine for things like deletion but not otherwise.  So I
> think in the case of libxenstore only xs_rm should be modified like
> this.

I may be defeating my own argument but here is an alternative (let's
forget strdup() out of memory case and let it crash and burn):

8<---------------------
Fix segfault in xl destroy when xenstore has been fowled up

libxl_dirname() returns NULL if a string is passed to it which doesn't
look like a xenstore key. During xl destroy libxl_dirname is used to
generate an xs path in order to remove device backend keys. If a
nonsense key has been put in there resulting in NULL backend path this
will crash xl.

diff -r 1eea12f66951 tools/libxl/libxl_device.c
--- a/tools/libxl/libxl_device.c        Tue Jul 20 17:14:43 2010 +0100
+++ b/tools/libxl/libxl_device.c        Tue Jul 20 18:05:19 2010 +0100
@@ -344,7 +344,8 @@ int libxl_devices_destroy(struct libxl_c
     }
     for (i = 0; i < n; i++) {
         flexarray_get(toremove, i, (void**) &path);
-        xs_rm(clone.xsh, XBT_NULL, path);
+        if ( path )
+            xs_rm(clone.xsh, XBT_NULL, path);
     }
     flexarray_free(toremove);
     libxl_ctx_free(&clone);



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel