tools/oxenstored: Make evaluation order explicit

In Store.path_write(), Path.apply_modify() updates the node_created
reference and both the value of apply_modify() and node_created are
returned by path_write().

At least with OCaml 4.06.1 this leads to the value of node_created being
returned *before* it is updated by apply_modify().  This in turn leads
to the quota for a domain not being updated in Store.write().  Hence, a
guest can create an unlimited number of entries in xenstore.

The fix is to make evaluation order explicit.

This is XSA-272.

Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Reviewed-by: Rob Hoes <rob.hoes@citrix.com>
(cherry picked from commit 73392c7fd14c59f8c96e0b2eeeb329e4ae9086b6)

diff --git a/tools/ocaml/xenstored/store.ml b/tools/ocaml/xenstored/store.ml
index 9f619b8fd5470a9a8da9f48d7453ae3accdab7f7..8b0727f8a8574907fbd918a7f145cca88edcb845 100644 (file)
--- a/tools/ocaml/xenstored/store.ml
+++ b/tools/ocaml/xenstored/store.ml
@@ -257,7 +257,8 @@ let path_write store perm path value =
                Node.check_perm store.root perm Perms.WRITE;
                Node.set_value store.root value, false
        ) else
-               Path.apply_modify store.root path do_write, !node_created
+               let root = Path.apply_modify store.root path do_write in
+               root, !node_created
 
 let path_rm store perm path =
        let do_rm node name =