On 27.07.2023 09:55, Juergen Gross wrote:
> On 27.07.23 09:53, Jan Beulich wrote:
>> On 24.07.2023 12:33, Juergen Gross wrote:
>>> In case get_spec_node() is being called for a special node starting
>>> with '@' it won't set *canonical_name. This can result in a crash of
>>> xenstored due to dereferencing the uninitialized name in
>>> fire_watches().
>>>
>>> This is no security issue as it requires either a privileged caller or
>>> ownership of the special node in question by an unprivileged caller
>>> (which is questionable, as this would make the owner privileged in some
>>> way).
>>>
>>> Fixes: d6bb63924fc2 ("tools/xenstore: introduce dummy nodes for special
>>> watch paths")
>>> Signed-off-by: Juergen Gross <jgr...@suse.com>
>>> Reviewed-by: Julien Grall <jgr...@amazon.com>
>>
>> I've committed the two patches, and I've queued this one for backporting.
>
> Thanks.
>
>> Can at least one of you please confirm that the earlier patch is not
>> intended to be backported, and that instead a cast will need adding in
>> the backport of the one here?
>
> Yes, that was the plan.

Hmm, looks like the offending patch exists only on the master branch.

Jan