1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
From 91a9ac6e9be5aa94020f5c482e6c51b581e2ea39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com>
Date: Tue, 8 Nov 2022 14:24:19 +0000
Subject: [PATCH 22/89] tools/oxenstored/syslog: Avoid potential NULL
dereference
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
strdup() may return NULL. Check for this before passing to syslog().
Drop const from c_msg. It is bogus, as demonstrated by the need to cast to
void * in order to free the memory.
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
Acked-by: Christian Lindig <christian.lindig@citrix.com>
(cherry picked from commit acd3fb6d65905f8a185dcb9fe6a330a591b96203)
---
tools/ocaml/xenstored/syslog_stubs.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/tools/ocaml/xenstored/syslog_stubs.c b/tools/ocaml/xenstored/syslog_stubs.c
index 875d48ad57..e16c3a9491 100644
--- a/tools/ocaml/xenstored/syslog_stubs.c
+++ b/tools/ocaml/xenstored/syslog_stubs.c
@@ -14,6 +14,7 @@
#include <syslog.h>
#include <string.h>
+#include <caml/fail.h>
#include <caml/mlvalues.h>
#include <caml/memory.h>
#include <caml/alloc.h>
@@ -35,14 +36,16 @@ static int __syslog_facility_table[] = {
value stub_syslog(value facility, value level, value msg)
{
CAMLparam3(facility, level, msg);
- const char *c_msg = strdup(String_val(msg));
+ char *c_msg = strdup(String_val(msg));
int c_facility = __syslog_facility_table[Int_val(facility)]
| __syslog_level_table[Int_val(level)];
+ if ( !c_msg )
+ caml_raise_out_of_memory();
caml_enter_blocking_section();
syslog(c_facility, "%s", c_msg);
caml_leave_blocking_section();
- free((void*)c_msg);
+ free(c_msg);
CAMLreturn(Val_unit);
}
--
2.40.0
|
GitWeb
