From 753f8d9b332701c4d7f5ffcff552cdea9472ceaa Mon Sep 17 00:00:00 2001 From: Christian Lindig Date: Mon, 13 Aug 2018 17:26:56 +0100 Subject: [PATCH] tools/oxenstored: Make evaluation order explicit In Store.path_write(), Path.apply_modify() updates the node_created reference and both the value of apply_modify() and node_created are returned by path_write(). At least with OCaml 4.06.1 this leads to the value of node_created being returned *before* it is updated by apply_modify(). This in turn leads to the quota for a domain not being updated in Store.write(). Hence, a guest can create an unlimited number of entries in xenstore. The fix is to make evaluation order explicit. This is XSA-272. Signed-off-by: Christian Lindig Reviewed-by: Rob Hoes (cherry picked from commit 73392c7fd14c59f8c96e0b2eeeb329e4ae9086b6) --- tools/ocaml/xenstored/store.ml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/ocaml/xenstored/store.ml b/tools/ocaml/xenstored/store.ml index 9f619b8fd5..8b0727f8a8 100644 --- a/tools/ocaml/xenstored/store.ml +++ b/tools/ocaml/xenstored/store.ml @@ -257,7 +257,8 @@ let path_write store perm path value = Node.check_perm store.root perm Perms.WRITE; Node.set_value store.root value, false ) else - Path.apply_modify store.root path do_write, !node_created + let root = Path.apply_modify store.root path do_write in + root, !node_created let path_rm store perm path = let do_rm node name = -- 2.39.5