From: Julien Grall <[email protected]>
At the moment, the return of talloc_strdup() is not checked. This means
we may dereference a NULL pointer if the allocation failed.
However, it is pointless to allocate the memory as send_reply() will
copy the data to a different buffer. So drop the use of talloc_strdup().
This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.
Fixes: fecab256d474 ("tools/xenstore: add basic live-update command parsing")
Signed-off-by: Julien Grall <[email protected]>
---
tools/xenstore/xenstored_control.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/tools/xenstore/xenstored_control.c
b/tools/xenstore/xenstored_control.c
index f10beaf85eb4..e8a501acdb62 100644
--- a/tools/xenstore/xenstored_control.c
+++ b/tools/xenstore/xenstored_control.c
@@ -691,7 +691,6 @@ static const char *lu_start(const void *ctx, struct
connection *conn,
static int do_control_lu(void *ctx, struct connection *conn,
char **vec, int num)
{
- const char *resp;
const char *ret = NULL;
unsigned int i;
bool force = false;
@@ -734,8 +733,7 @@ static int do_control_lu(void *ctx, struct connection *conn,
if (!ret)
ret = "OK";
- resp = talloc_strdup(ctx, ret);
- send_reply(conn, XS_CONTROL, resp, strlen(resp) + 1);
+ send_reply(conn, XS_CONTROL, ret, strlen(ret) + 1);
return 0;
}
#endif
--
2.17.1
