Re: [PATCH] tools/xenstored: Harden corrupt()

[Julien Grall <julien@xxxxxxx>]

On 23/06/2022 13:59, Jan Beulich wrote:
> On 23.06.2022 13:24, Julien Grall wrote:
> > From: Julien Grall <jgrall@xxxxxxxxxx>
> >
> > At the moment, corrupt() is neither checking for allocation failure
> > nor freeing the allocated memory.
> >
> > Harden the code by printing ENOMEM if the allocation failed and
> > free 'str' after the last use.
> >
> > This is not considered to be a security issue because corrupt() should
> > only be called when Xenstored thinks the database is corrupted. Note
> > that the trigger (i.e. a guest reliably provoking the call) would be
> > a security issue.
> >
> > Fixes: 06d17943f0cd ("Added a basic integrity checker, and some basic ability to 
> > recover from store")
> > Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>
> Is this something which would want queuing for backport?
I would say yes. There are a couple of more Xenstored patches I would 
consider for backporting:
fe9be76d880b tools/xenstore: fix error handling of check_store()
b977929d3646 tools/xenstore: fix hashtable_expand() zeroing new area

Who is taking care of tools backport nowadays?

Cheers,

--
Julien Grall