[PATCH v3 2/2] tools/xenstore: fix get_spec_node()

[Juergen Gross <jgross@xxxxxxxx>]

In case get_spec_node() is being called for a special node starting
with '@' it won't set *canonical_name. This can result in a crash of
xenstored due to dereferencing the uninitialized name in
fire_watches().

This is no security issue as it requires either a privileged caller or
ownership of the special node in question by an unprivileged caller
(which is questionable, as this would make the owner privileged in some
way).

Fixes: d6bb63924fc2 ("tools/xenstore: introduce dummy nodes for special watch 
paths")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
---
V2:
- avoid casting const away (Julien Grall)
---
 tools/xenstore/xenstored_core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c
index 6d27b2dd7f..9f1328a31f 100644
--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -1253,8 +1253,11 @@ static struct node *get_spec_node(struct connection 
*conn, const void *ctx,
                                  const char *name, const char **canonical_name,
                                  unsigned int perm)
 {
-       if (name[0] == '@')
+       if (name[0] == '@') {
+               if (canonical_name)
+                       *canonical_name = name;
                return get_node(conn, ctx, name, perm);
+       }
 
        return get_node_canonicalized(conn, ctx, name, canonical_name, perm);
 }
-- 
2.35.3