Jan Beulich
2012-Jan-24 13:52 UTC
[PATCH] xenbus_dev: add missing error check to watch handling
So far only the watch path was checked to be zero terminated, while
the watch token was merely assumed to be.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
drivers/xen/xenbus/xenbus_dev_frontend.c | 4 ++++
1 file changed, 4 insertions(+)
--- 3.3-rc1/drivers/xen/xenbus/xenbus_dev_frontend.c
+++ 3.3-rc1-xenbus-dev-write-watch/drivers/xen/xenbus/xenbus_dev_frontend.c
@@ -369,6 +369,10 @@ static int xenbus_write_watch(unsigned m
goto out;
}
token++;
+ if (memchr(token, 0, u->u.msg.len - (token - path)) == NULL) {
+ rc = -EILSEQ;
+ goto out;
+ }
if (msg_type == XS_WATCH) {
watch = alloc_watch_adapter(path, token);
Possibly Parallel Threads
Wisdom of the Ancients
