Mailing List Archive

commit 1d24e551b99a85f50c69e72b7828a7d6c4c4e7a5
Author: Juergen Gross <jgross@suse.com>
AuthorDate: Mon Jan 25 08:23:31 2021 +0100
Commit: Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Mon Jan 25 15:13:29 2021 +0000

tools/xenstore: fix use after free bug in xenstore_control

There is a very unlikely use after free bug and a memory leak in
live_update_start() of xenstore_control. Fix those.

Coverity-Id: 1472399
Fixes: 7f97193e6aa858 ("tools/xenstore: add live update command to xenstore-control")
Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
tools/xenstore/xenstore_control.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/tools/xenstore/xenstore_control.c b/tools/xenstore/xenstore_control.c
index 0c95cf767c..f6f4626c06 100644
--- a/tools/xenstore/xenstore_control.c
+++ b/tools/xenstore/xenstore_control.c
@@ -43,7 +43,12 @@ static int live_update_start(struct xs_handle *xsh, bool force, unsigned int to)
if (len < 0)
return 1;

+ ret = strdup("BUSY");
+ if (!ret)
+ return 1;
+
for (time_start = time(NULL); time(NULL) - time_start < to;) {
+ free(ret);
ret = xs_control_command(xsh, "live-update", buf, len);
if (!ret)
goto err;
--
generated by git-patchbot for /home/xen/git/xen.git#staging