Re: [Xen-devel] [PATCH] libxl: Fix error handling in libxl_userdata_unlink
On 24/09/14 15:30, Ian Jackson wrote: > Previously: > * rc would not be set before leaving the function, with the > result that an uninitialised value would be returned > * failures of libxl__userdata_path would result in a NULL dereference > * failures of unlink() would not be usefully logged > > This appears to be due to an attempt to avoid having to repeat the > call to libxl__unlock_domain_userdata by informally sharing parts of > the success and failure paths. > > Change to use the canonical error-handling style: > * Initialise lock to 0. > * Do the unlock in the `out' section - always attempt to unlock > lock if it is non-0. > * Explicitly set rc and `goto out' on all error paths, even > those right at the end of the function. > * Add an error check for filename = libxl__userdata_path(...); > > (CCing security@ because they receive the Coverity reports. This is > not a security problem AFAICT.) How about coverity@ which includes some of us not on security@? > > Coverity-ID: 1240237, 1240235. > CC: Wei Liu <wei.liu2@xxxxxxxxxx> > CC: security@xxxxxxxxxxxxxx > Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> > --- > tools/libxl/libxl_dom.c | 20 +++++++++++++++----- > 1 file changed, 15 insertions(+), 5 deletions(-) > > diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c > index bd21841..9eb74ec 100644 > --- a/tools/libxl/libxl_dom.c > +++ b/tools/libxl/libxl_dom.c > @@ -2097,12 +2097,12 @@ int libxl_userdata_unlink(libxl_ctx *ctx, uint32_t > domid, > const char *userdata_userid) > { > GC_INIT(ctx); > - int rc; > + CTX_LOCK; > > - libxl__domain_userdata_lock *lock; > + int rc; > + libxl__domain_userdata_lock *lock = 0; Pointers should be initialised to NULL rather than 0. With this change, Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > const char *filename; > > - CTX_LOCK; > lock = libxl__lock_domain_userdata(gc, domid); > if (!lock) { > rc = ERROR_LOCK_FAIL; 
> @@ -2110,10 +2110,20 @@ int libxl_userdata_unlink(libxl_ctx *ctx, uint32_t > domid, > } > > filename = libxl__userdata_path(gc, domid, userdata_userid, "d"); > - if (unlink(filename)) rc = ERROR_FAIL; > + if (!filename) { > + rc = ERROR_FAIL; > + goto out; > + } > + if (unlink(filename)) { > + LOGE(ERROR, "error deleting userdata file: %s", filename); > + rc = ERROR_FAIL; > + goto out; > + } > > - libxl__unlock_domain_userdata(lock); > + rc = 0; > out: > + if (lock) > + libxl__unlock_domain_userdata(lock); > CTX_UNLOCK; > GC_FREE; > return rc; _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
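Review bot: In the first hunk (@@ -2097,12 +2097,12 @@), `CTX_LOCK;` now sits ahead of the declarations of `rc`, `lock` and `filename`, and the commit message neither mentions nor justifies the move. If CTX_LOCK expands to a statement, this puts code before declarations; keeping the three declarations first and taking CTX_LOCK immediately before `lock = libxl__lock_domain_userdata(gc, domid);` gives the same locking order without that. If the reordering is intentional, a line in the commit message saying why would help, since the listed changes only cover the userdata lock and the error paths.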
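Review bot: In the second hunk (@@ -2110,10 +2110,20 @@), the new `if (!filename)` branch returns ERROR_FAIL without logging anything, while the unlink() failure directly below it gets a LOGE, so a caller cannot tell from the log which of the two steps failed. Either log in that branch as well or add a comment stating that libxl__userdata_path reports its own failure. Separately, `if (unlink(filename))` treats every failure alike, including the case where the file is already absent; if removing non-existent userdata should count as success, check errno for ENOENT before the `goto out`, and if not, say so in the function's documentation.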