Mailing List Archive

[xen stable-4.17] tools/oxenstored/syslog: Avoid potential NULL dereference
commit 91a9ac6e9be5aa94020f5c482e6c51b581e2ea39
Author: Edwin Török <edvin.torok@citrix.com>
AuthorDate: Tue Nov 8 14:24:19 2022 +0000
Commit: Andrew Cooper <andrew.cooper3@citrix.com>
CommitDate: Tue Dec 20 13:13:40 2022 +0000

tools/oxenstored/syslog: Avoid potential NULL dereference

strdup() may return NULL. Check for this before passing to syslog().

Drop const from c_msg. It is bogus, as demonstrated by the need to cast to
void * in order to free the memory.

Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Acked-by: Christian Lindig <christian.lindig@citrix.com>
(cherry picked from commit acd3fb6d65905f8a185dcb9fe6a330a591b96203)
---
tools/ocaml/xenstored/syslog_stubs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/ocaml/xenstored/syslog_stubs.c b/tools/ocaml/xenstored/syslog_stubs.c
index 875d48ad57..e16c3a9491 100644
--- a/tools/ocaml/xenstored/syslog_stubs.c
+++ b/tools/ocaml/xenstored/syslog_stubs.c
@@ -14,6 +14,7 @@

#include <syslog.h>
#include <string.h>
+#include <caml/fail.h>
#include <caml/mlvalues.h>
#include <caml/memory.h>
#include <caml/alloc.h>
@@ -35,14 +36,16 @@ static int __syslog_facility_table[] = {
value stub_syslog(value facility, value level, value msg)
{
CAMLparam3(facility, level, msg);
- const char *c_msg = strdup(String_val(msg));
+ char *c_msg = strdup(String_val(msg));
int c_facility = __syslog_facility_table[Int_val(facility)]
| __syslog_level_table[Int_val(level)];

+ if ( !c_msg )
+ caml_raise_out_of_memory();
caml_enter_blocking_section();
syslog(c_facility, "%s", c_msg);
caml_leave_blocking_section();

- free((void*)c_msg);
+ free(c_msg);
CAMLreturn(Val_unit);
}
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.17