WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-unstable] libxenguest: Add missing range-check on c

from [Xen patchbot-unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] libxenguest: Add missing range-check on count field read from a domain
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Jun 2007 05:03:24 -0700
Delivery-date: Thu, 21 Jun 2007 05:01:47 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1182415659 -3600
# Node ID a83632dfbb28038ec4218e00f92ea220a85b6887
# Parent  11bf94b2d51a10980a88aa3ee0b3b8c6e14cbfe0
libxenguest: Add missing range-check on count field read from a domain
save/restore file.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 tools/libxc/xc_domain_restore.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff -r 11bf94b2d51a -r a83632dfbb28 tools/libxc/xc_domain_restore.c
--- a/tools/libxc/xc_domain_restore.c   Wed Jun 20 19:31:37 2007 +0100
+++ b/tools/libxc/xc_domain_restore.c   Thu Jun 21 09:47:39 2007 +0100
@@ -903,13 +903,14 @@ int xc_domain_restore(int xc_handle, int
 
     /* Get the list of PFNs that are not in the psuedo-phys map */
     {
-        unsigned int count;
+        unsigned int count = 0;
         unsigned long *pfntab;
         int nr_frees, rc;
 
-        if ( !read_exact(io_fd, &count, sizeof(count)) )
-        {
-            ERROR("Error when reading pfn count");
+        if ( !read_exact(io_fd, &count, sizeof(count)) ||
+             (count > (1U << 28)) ) /* up to 1TB of address space */
+        {
+            ERROR("Error when reading pfn count (= %u)", count);
             goto out;
         }
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] libxenguest: Add missing range-check on count field read from a domain, Xen patchbot-unstable <=
Previous by Date:  [Xen-changelog] [xen-unstable] Rename ddc_info -> vbeddc_info in interface header., Xen patchbot-unstable
Next by Date:  [Xen-changelog] [linux-2.6.18-xen] linux/x86: Obtain EDD info from Xen, Xen patchbot-linux-2.6.18-xen
Previous by Thread:  [Xen-changelog] [xen-unstable] Rename ddc_info -> vbeddc_info in interface header., Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [linux-2.6.18-xen] linux/x86: Obtain EDD info from Xen, Xen patchbot-linux-2.6.18-xen
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy