From: Julien Grall
Date: Thu, 25 Feb 2021 15:15:23 +0000 (+0000)
Subject: tools/xenstored: Avoid unnecessary talloc_strdup() in do_control_lu()
X-Git-Tag: 4.15.0-rc3~52
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=2fc7939e26d223b2a8ce37204ea479d013444b7f;p=people%2Ftklengyel%2Fxen.git

tools/xenstored: Avoid unnecessary talloc_strdup() in do_control_lu()

At the moment, the return of talloc_strdup() is not checked. This means we may dereference a NULL pointer if the allocation failed.

However, it is pointless to allocate the memory as send_reply() will copy the data to a different buffer. So drop the use of talloc_strdup().

This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.

Fixes: fecab256d474 ("tools/xenstore: add basic live-update command parsing")
Signed-off-by: Julien Grall
Reviewed-by: Juergen Gross
Release-Acked-by: Ian Jackson
---

diff --git a/tools/xenstore/xenstored_control.c b/tools/xenstore/xenstored_control.c index f10beaf85e..e8a501acdb 100644 --- a/tools/xenstore/xenstored_control.c +++ b/tools/xenstore/xenstored_control.c @@ -691,7 +691,6 @@ static const char *lu_start(const void *ctx, struct connection *conn, static int do_control_lu(void *ctx, struct connection *conn, char **vec, int num) { - const char *resp; const char *ret = NULL; unsigned int i; bool force = false; @@ -734,8 +733,7 @@ static int do_control_lu(void *ctx, struct connection *conn, if (!ret) ret = "OK"; - resp = talloc_strdup(ctx, ret); - send_reply(conn, XS_CONTROL, resp, strlen(resp) + 1); + send_reply(conn, XS_CONTROL, ret, strlen(ret) + 1); return 0; } #endif
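
Review bot: at the rewritten send_reply(conn, XS_CONTROL, ret, strlen(ret) + 1) call in the second hunk (@@ -734,8 +733,7 @@), correctness now rests on send_reply() copying the payload before it returns, which only the commit message states. ret can be the string literal "OK" or whatever was assigned to it earlier in do_control_lu(), so a short comment above the call saying the buffer is copied and not retained would keep a later change to send_reply() from quietly turning this into a lifetime bug. The removed talloc_strdup() result was passed to strlen(resp) without a NULL check, so dropping the allocation rather than adding a check is the simpler fix, and the first hunk's removal of the resp declaration leaves no unused variable behind.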