Fix for unassigned errno in xenstored

All of lore.kernel.org
 help / color / mirror / Atom feed

* Fix for unassigned errno in xenstored_core.c
       [not found] ` <eacc82a40610311232o71fa6e84g64c20c03ca21e810@mail.gmail.com>
@ 2006-11-10 19:45   ` Magnus Carlsson
  0 siblings, 0 replies; only message in thread
From: Magnus Carlsson @ 2006-11-10 19:45 UTC (permalink / raw)
  To: xen-devel

[-- Attachment #1: Type: text/plain, Size: 482 bytes --]

Dear all,

In certain cases, when a client doesn't have enough permissions, the
errno variable is not set in xenstored_core.c before its value is
reported back.  As a result, the client can learn about the errno of the
last failed request to xenstored (which could have come from another
client).  (An unintended information channel! :-)

Attached is a patch that I believe fixes the problem.  Also included are
a couple of test cases that demonstrate the problem.

Cheers,
Magnus


[-- Attachment #2: xenstored_core.patch --]
[-- Type: text/x-patch, Size: 690 bytes --]

*** xenstore/xenstored_core.c	Sun Apr  9 15:05:54 2006
--- xs/xenstored_core.c	Fri Nov  3 15:57:13 2006
***************
*** 555,562 ****
  	/* If we don't have permission, we don't have node. */
  	if (node) {
  		if ((perm_for_conn(conn, node->perms, node->num_perms) & perm)
! 		    != perm)
  			node = NULL;
  	}
  	/* Clean up errno if they weren't supposed to know. */
  	if (!node) 
--- 555,564 ----
  	/* If we don't have permission, we don't have node. */
  	if (node) {
  		if ((perm_for_conn(conn, node->perms, node->num_perms) & perm)
! 		    != perm) {
! 			errno = EACCES;
  			node = NULL;
+ 		}
  	}
  	/* Clean up errno if they weren't supposed to know. */
  	if (!node) 


[-- Attachment #3: 99permissions.test --]
[-- Type: text/plain, Size: 255 bytes --]

write /a/b v
setperm /a 1 READ
setperm /a/b 1 NONE

expect read failed: No such file or directory
read /nonexistent

setid 2

# this should presumably fail with EACCES, but fails with previous error instead
expect read failed: Permission denied
read /a/b

[-- Attachment #4: 99permissions2.test --]
[-- Type: text/plain, Size: 236 bytes --]

write /a/b v
setperm /a 1 READ
setperm /a/b 1 NONE

expect read failed: Invalid argument
read //

setid 2

# this should presumably fail with EACCES, but fails with previous error instead
expect read failed: Permission denied
read /a/b

[-- Attachment #5: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2006-11-10 19:45 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <454277E5.9070407@galois.com>
     [not found] ` <eacc82a40610311232o71fa6e84g64c20c03ca21e810@mail.gmail.com>
2006-11-10 19:45   ` Fix for unassigned errno in xenstored_core.c Magnus Carlsson

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.