tools/xenstore: Harden xs_domain_is_introduced()

The function single_with_domid() may return NULL if something
went wrong (e.g. XenStored returns an error or the connection is
in bad state).

They are unlikely but not impossible, so it would be better to
return an error and allow the caller to handle it gracefully rather
than crashing.

In this case we should treat it as the domain has disappeared (i.e.
return false) as the caller will not likely going to be able to
communicate with XenStored again.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Signed-off-by: Norbert Manthey <nmanthey@amazon.de>
Reviewed-by: Julien Grall <jgrall@amazon.co.uk>
Reviewed-by: Raphael Ning <raphning@amazon.co.uk>
Reviewed-by: Juergen Gross <jgross@suse.com>
Release-Acked-by: Ian Jackson <iwj@xenproject.org>

diff --git a/tools/libs/store/xs.c b/tools/libs/store/xs.c
index b6ecbd787e70fcfcb40269859e08ef52e44b8bc1..c91377c27f2f8e81a613b8faaa2651f4a207de12 100644 (file)
--- a/tools/libs/store/xs.c
+++ b/tools/libs/store/xs.c
@@ -1180,7 +1180,12 @@ bool xs_path_is_subpath(const char *parent, const char *child)
 bool xs_is_domain_introduced(struct xs_handle *h, unsigned int domid)
 {
        char *domain = single_with_domid(h, XS_IS_DOMAIN_INTRODUCED, domid);
-       int rc = strcmp("F", domain);
+       bool rc = false;
+
+       if (!domain)
+               return rc;
+
+       rc = strcmp("F", domain) != 0;
 
        free(domain);
        return rc;