On 27.07.23 09:53, Jan Beulich wrote:
On 24.07.2023 12:33, Juergen Gross wrote:In case get_spec_node() is being called for a special node starting with '@' it won't set *canonical_name. This can result in a crash of xenstored due to dereferencing the uninitialized name in fire_watches().This is no security issue as it requires either a privileged caller or ownership of the special node in question by an unprivileged caller (which is questionable, as this would make the owner privileged in some way). Fixes: d6bb63924fc2 ("tools/xenstore: introduce dummy nodes for special watch paths") Signed-off-by: Juergen Gross <jgr...@suse.com> Reviewed-by: Julien Grall <jgr...@amazon.com>I've committed the two patches, and I've queued this one for backporting.
Thanks.
Can at least one of you please confirm that the earlier patch is not intended to be backported, and that instead a cast will need adding in the backport of the one here?
Yes, that was the plan. Juergen
OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
