Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
xen.31431
xsa421-01.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa421-01.patch of Package xen.31431
From 246d8db540f08470c2f8789a8440173028c85b38 Mon Sep 17 00:00:00 2001 From: Juergen Gross <jgross@suse.com> Date: Tue, 13 Sep 2022 07:35:13 +0200 Subject: tools/xenstore: fix deleting node in transaction In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. This is part of XSA-421 / CVE-2022-42325. Signed-off-by: Juergen Gross <jgross@suse.com> Tested-by: Julien Grall <jgrall@amazon.com> Reviewed-by: Julien Grall <jgrall@amazon.com> --- a/tools/xenstore/xenstored_transaction.c +++ b/tools/xenstore/xenstored_transaction.c @@ -424,7 +424,13 @@ static int finalize_transaction(struct c true); talloc_free(data.dptr); } else { - ret = do_tdb_delete(conn, &key, NULL); + /* + * A node having been created and later deleted + * in this transaction will have no generation + * information stored. + */ + ret = (i->generation == NO_GENERATION) + ? 0 : do_tdb_delete(conn, &key, NULL); } if (ret) goto err;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor