Message ID | 20210125072331.22093-1-jgross@suse.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | tools/xenstore: fix use after free bug in xenstore_control | expand |
On 25/01/2021 07:23, Juergen Gross wrote: > There is a very unlikely use after free bug and a memory leak in > live_update_start() of xenstore_control. Fix those. > > Coverity-Id: 1472399 > Fixes: 7f97193e6aa858 ("tools/xenstore: add live update command to xenstore-control") > Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
diff --git a/tools/xenstore/xenstore_control.c b/tools/xenstore/xenstore_control.c index 0c95cf767c..f6f4626c06 100644 --- a/tools/xenstore/xenstore_control.c +++ b/tools/xenstore/xenstore_control.c @@ -43,7 +43,12 @@ static int live_update_start(struct xs_handle *xsh, bool force, unsigned int to) if (len < 0) return 1; + ret = strdup("BUSY"); + if (!ret) + return 1; + for (time_start = time(NULL); time(NULL) - time_start < to;) { + free(ret); ret = xs_control_command(xsh, "live-update", buf, len); if (!ret) goto err;
There is a very unlikely use after free bug and a memory leak in live_update_start() of xenstore_control. Fix those. Coverity-Id: 1472399 Fixes: 7f97193e6aa858 ("tools/xenstore: add live update command to xenstore-control") Signed-off-by: Juergen Gross <jgross@suse.com> --- tools/xenstore/xenstore_control.c | 5 +++++ 1 file changed, 5 insertions(+)