diff options
author | kaf24@localhost.localdomain <kaf24@localhost.localdomain> | 2006-11-11 01:23:11 +0000 |
---|---|---|
committer | kaf24@localhost.localdomain <kaf24@localhost.localdomain> | 2006-11-11 01:23:11 +0000 |
commit | 22ed12a0f3266df4714057f9bdf2dfc9577bf80e (patch) | |
tree | 45cd6b4105d6f1addc5d325c3981766ec793a9b5 /tools/xenstore/xenstored_core.c | |
parent | e4ecc8e7f777f32e6512def4a25f7d1f7b1bd52b (diff) | |
download | xen-22ed12a0f3266df4714057f9bdf2dfc9577bf80e.tar.gz xen-22ed12a0f3266df4714057f9bdf2dfc9577bf80e.tar.bz2 xen-22ed12a0f3266df4714057f9bdf2dfc9577bf80e.zip |
[XENSTORED] Fix errno 'leak' in xenstored.
In certain cases, when a client doesn't have enough permissions, the
errno variable is not set in xenstored_core.c before its value is
reported back. As a result, the client can learn about the errno of
the last failed request to xenstored (which could have come from
another client). (An unintended information channel! :-)
From: Magnus Carlsson <magnus@galois.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
Diffstat (limited to 'tools/xenstore/xenstored_core.c')
-rw-r--r-- | tools/xenstore/xenstored_core.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c index 890f852d73..3f304b0e41 100644 --- a/tools/xenstore/xenstored_core.c +++ b/tools/xenstore/xenstored_core.c @@ -575,8 +575,10 @@ struct node *get_node(struct connection *conn, /* If we don't have permission, we don't have node. */ if (node) { if ((perm_for_conn(conn, node->perms, node->num_perms) & perm) - != perm) + != perm) { + errno = EACCES; node = NULL; + } } /* Clean up errno if they weren't supposed to know. */ if (!node) |