agent-smith

xs_write in mock_xenstore needs to strdup path

Bug #623840 reported by Chris Behrens
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
agent-smith
Fix Committed
Undecided
Unassigned

Bug Description

xs_write()'s path argument can be something on the stack from a caller which disappears before it is picked up when later processing.

This is the line in question:

n->path = path;

'n' gets added to the pending_notifications slist.. Later when xs_read_watch() is called... n->path is pointing to stack space that is gone. So, we need to strdup the path into n->path

Related branches

lp:~cbehrens/agent-smith/bug623840 (Merged)
Revision history for this message
Chris Behrens (cbehrens) wrote :

Also, same thing happens in xs_write() when storing ->token (and probably ->path)

Revision history for this message
Chris Behrens (cbehrens) wrote :

And fixing the munmap() being missing in read_from_spool_and_send_to_xen() reveals that xen_write_path->xs_write also stores 'buf'.. When you munmap() buf... The stored 'buf' in mock_xenstore points to bogus space.

So, obj->buf = buf; also needs to be fixed to malloc memory and memcpy.

Revision history for this message
Chris Behrens (cbehrens) wrote :

Attached patch will address after slist improvements are committed... otherwise there'll be a conflict.

Chris Behrens (cbehrens)
Changed in agent-smith:
status: New → Fix Committed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.