1 files changed, 55 insertions, 0 deletions

diff --git a/0022-tools-oxenstored-syslog-Avoid-potential-NULL-derefer.patch b/0022-tools-oxenstored-syslog-Avoid-potential-NULL-derefer.patch
new file mode 100644
index 0000000..eb6d42e
--- /dev/null
+++ b/0022-tools-oxenstored-syslog-Avoid-potential-NULL-derefer.patch
@@ -0,0 +1,55 @@
+From 91a9ac6e9be5aa94020f5c482e6c51b581e2ea39 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com>
+Date: Tue, 8 Nov 2022 14:24:19 +0000
+Subject: [PATCH 22/89] tools/oxenstored/syslog: Avoid potential NULL
+ dereference
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+strdup() may return NULL.  Check for this before passing to syslog().
+
+Drop const from c_msg.  It is bogus, as demonstrated by the need to cast to
+void * in order to free the memory.
+
+Signed-off-by: Edwin Török <edvin.torok@citrix.com>
+Acked-by: Christian Lindig <christian.lindig@citrix.com>
+(cherry picked from commit acd3fb6d65905f8a185dcb9fe6a330a591b96203)
+---
+ tools/ocaml/xenstored/syslog_stubs.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tools/ocaml/xenstored/syslog_stubs.c b/tools/ocaml/xenstored/syslog_stubs.c
+index 875d48ad57..e16c3a9491 100644
+--- a/tools/ocaml/xenstored/syslog_stubs.c
++++ b/tools/ocaml/xenstored/syslog_stubs.c
+@@ -14,6 +14,7 @@
+ 
+ #include <syslog.h>
+ #include <string.h>
++#include <caml/fail.h>
+ #include <caml/mlvalues.h>
+ #include <caml/memory.h>
+ #include <caml/alloc.h>
+@@ -35,14 +36,16 @@ static int __syslog_facility_table[] = {
+ value stub_syslog(value facility, value level, value msg)
+ {
+ 	CAMLparam3(facility, level, msg);
+-	const char *c_msg = strdup(String_val(msg));
++	char *c_msg = strdup(String_val(msg));
+ 	int c_facility = __syslog_facility_table[Int_val(facility)]
+ 	               | __syslog_level_table[Int_val(level)];
+ 
++	if ( !c_msg )
++		caml_raise_out_of_memory();
+ 	caml_enter_blocking_section();
+ 	syslog(c_facility, "%s", c_msg);
+ 	caml_leave_blocking_section();
+ 
+-	free((void*)c_msg);
++	free(c_msg);
+ 	CAMLreturn(Val_unit);
+ }
+-- 
+2.40.0
+