| Message ID | 20210225174131.10115-2-julien@xen.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | xenstore: Address coverity issues in the LiveUpdate code | expand |
On 25.02.21 18:41, Julien Grall wrote: > From: Julien Grall <jgrall@amazon.com> > > At the moment, the return of talloc_strdup() is not checked. This means > we may dereference a NULL pointer if the allocation failed. > > However, it is pointless to allocate the memory as send_reply() will > copy the data to a different buffer. So drop the use of talloc_strdup(). > > This bug was discovered and resolved using Coverity Static Analysis > Security Testing (SAST) by Synopsys, Inc. > > Fixes: fecab256d474 ("tools/xenstore: add basic live-update command parsing") > Signed-off-by: Julien Grall <jgrall@amazon.com> Reviewed-by: Juergen Gross <jgross@suse.com> Juergen
diff --git a/tools/xenstore/xenstored_control.c b/tools/xenstore/xenstored_control.c index f10beaf85eb4..e8a501acdb62 100644 --- a/tools/xenstore/xenstored_control.c +++ b/tools/xenstore/xenstored_control.c @@ -691,7 +691,6 @@ static const char *lu_start(const void *ctx, struct connection *conn, static int do_control_lu(void *ctx, struct connection *conn, char **vec, int num) { - const char *resp; const char *ret = NULL; unsigned int i; bool force = false; @@ -734,8 +733,7 @@ static int do_control_lu(void *ctx, struct connection *conn, if (!ret) ret = "OK"; - resp = talloc_strdup(ctx, ret); - send_reply(conn, XS_CONTROL, resp, strlen(resp) + 1); + send_reply(conn, XS_CONTROL, ret, strlen(ret) + 1); return 0; } #endif