Jan Beulich
2012-Jan-24 13:35 UTC
[PATCH] linux-2.6.18/xenbus_dev: add missing error checks to watch handling
So far only the watch path was checked to be zero terminated, while
the watch token was merely assumed to be.
Additionally, none of the three associated memory allocations got
checked for being successful.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/drivers/xen/xenbus/xenbus_dev.c
+++ b/drivers/xen/xenbus/xenbus_dev.c
@@ -269,18 +269,24 @@ static ssize_t xenbus_dev_write(struct f
goto out;
}
token++;
+ if (memchr(token, 0, u->u.msg.len - (token - path)) == NULL) {
+ rc = -EILSEQ;
+ goto out;
+ }
if (msg_type == XS_WATCH) {
watch = kzalloc(sizeof(*watch), GFP_KERNEL);
- watch->watch.node = kmalloc(strlen(path)+1,
- GFP_KERNEL);
- strcpy((char *)watch->watch.node, path);
+ if (watch == NULL) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ watch->watch.node = kstrdup(path, GFP_KERNEL);
watch->watch.callback = watch_fired;
- watch->token = kmalloc(strlen(token)+1, GFP_KERNEL);
- strcpy(watch->token, token);
+ watch->token = kstrdup(token, GFP_KERNEL);
watch->dev_data = u;
- err = register_xenbus_watch(&watch->watch);
+ err = watch->watch.node && watch->token
+ ? register_xenbus_watch(&watch->watch) : -ENOMEM;
if (err) {
free_watch_adapter(watch);
rc = err;
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Seemingly Similar Threads
Wisdom of the Ancients
