 
   
 

xen-changelog

[Xen-changelog] [xen-3.1-testing] ioemu: security fixes for not-built or

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.1-testing] ioemu: security fixes for not-built or not-default-configured
From: "Xen patchbot-3.1-testing" <patchbot-3.1-testing@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Oct 2007 08:40:18 -0700
Delivery-date: Thu, 04 Oct 2007 09:28:00 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1191314661 -3600
# Node ID 4b22d472bda62b9ec43fca3ff7362b7284031a8d
# Parent  3ef467ebd2f89ea38d6c83598fd674818bf62e31
ioemu: security fixes for not-built or not-default-configured
subsystems.

Patches originally proposed by S. Caglar Onur and cleaned up for
xen-unstable by Robert Buchholz <rbu@xxxxxxxxxx>.

Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
xen-unstable changeset:   15963:0b873d909ad30e554a3ffebf14176e7257a3e023
xen-unstable date:        Wed Sep 26 09:19:12 2007 +0100
---
 tools/ioemu/hw/fdc.c    |    9 +++++++--
 tools/ioemu/hw/ne2000.c |    8 ++++++--
 tools/ioemu/hw/sb16.c   |    6 ++++--
 3 files changed, 17 insertions(+), 6 deletions(-)

diff -r 3ef467ebd2f8 -r 4b22d472bda6 tools/ioemu/hw/fdc.c
--- a/tools/ioemu/hw/fdc.c      Fri Sep 28 16:05:02 2007 +0100
+++ b/tools/ioemu/hw/fdc.c      Tue Oct 02 09:44:21 2007 +0100
@@ -1110,8 +1110,13 @@ static uint32_t fdctrl_read_data (fdctrl
             len = fdctrl->data_len - fdctrl->data_pos;
             if (len > FD_SECTOR_LEN)
                 len = FD_SECTOR_LEN;
-            bdrv_read(cur_drv->bs, fd_sector(cur_drv),
-                      fdctrl->fifo, len);
+            if (cur_drv->bs) {
+                bdrv_read(cur_drv->bs, fd_sector(cur_drv),
+                          fdctrl->fifo, len);
+            } else {
+                FLOPPY_ERROR("can't read data from drive\n");
+                return 0;
+            }
         }
     }
     retval = fdctrl->fifo[pos];
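Review bot: The result of `bdrv_read` is still discarded in the new `if (cur_drv->bs)` branch, so a failed read leaves the previous contents of `fdctrl->fifo` in place and the following `retval = fdctrl->fifo[pos];` returns that stale data. Assuming bdrv_read reports failure with a negative return, both cases can share the error path: `if (cur_drv->bs == NULL || bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, len) < 0) {` followed by the existing FLOPPY_ERROR and `return 0;`. It is also worth confirming that the early `return 0;` does not skip state updates that normally follow the FIFO read. fdctrl_read_data starts before and continues past this hunk, so that part is not visible here.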
diff -r 3ef467ebd2f8 -r 4b22d472bda6 tools/ioemu/hw/ne2000.c
--- a/tools/ioemu/hw/ne2000.c   Fri Sep 28 16:05:02 2007 +0100
+++ b/tools/ioemu/hw/ne2000.c   Tue Oct 02 09:44:21 2007 +0100
@@ -252,7 +252,7 @@ static void ne2000_receive(void *opaque,
 {
     NE2000State *s = opaque;
     uint8_t *p;
-    int total_len, next, avail, len, index, mcast_idx;
+    unsigned int total_len, next, avail, len, index, mcast_idx;
     uint8_t buf1[60];
     static const uint8_t broadcast_macaddr[6] = 
         { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
@@ -327,7 +327,11 @@ static void ne2000_receive(void *opaque,
 
     /* write packet data */
     while (size > 0) {
-        avail = s->stop - index;
+        /* taviso: this can wrap, so check its okay. */
+        if (index <= s->stop)
+            avail = s->stop - index;
+        else
+            avail = 0;
         len = size;
         if (len > avail)
             len = avail;
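Review bot: Setting `avail = 0` when `index > s->stop` prevents the oversized copy but leaves the `while (size > 0)` loop without progress. `len` is then clamped to 0, and unless the rest of the loop body (outside this hunk) changes `size` or resets `index` in that case, the loop would spin on a ring configuration that is presumably programmed by the guest. Treating the condition as an error and leaving the loop, for example `else break;` in place of `else avail = 0;`, or rejecting the packet before any data is written, would avoid that. Whether the code after the loop should then still signal reception is not visible here. The check also depends on the `unsigned int` declaration changed in the earlier ne2000.c hunk, so the comment could say so, e.g. `/* index is unsigned: s->stop - index would wrap if index > s->stop */`.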
diff -r 3ef467ebd2f8 -r 4b22d472bda6 tools/ioemu/hw/sb16.c
--- a/tools/ioemu/hw/sb16.c     Fri Sep 28 16:05:02 2007 +0100
+++ b/tools/ioemu/hw/sb16.c     Tue Oct 02 09:44:21 2007 +0100
@@ -1235,8 +1235,10 @@ static int SB_read_DMA (void *opaque, in
             s->block_size);
 #endif
 
-    while (s->left_till_irq <= 0) {
-        s->left_till_irq = s->block_size + s->left_till_irq;
+    if (s->block_size) {
+        while (s->left_till_irq <= 0) {
+            s->left_till_irq = s->block_size + s->left_till_irq;
+        }
     }
 
     return dma_pos;
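Review bot: The new guard `if (s->block_size)` only excludes zero. If `block_size` is a signed field (its declaration is not in this hunk), a negative value still passes, and adding it to a non-positive `left_till_irq` never ends the loop short of signed overflow. `if (s->block_size > 0) {` would cover both cases. A short comment such as `/* a block_size of 0 would never advance left_till_irq */` would also record why the guard exists. SB_read_DMA begins before this hunk.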

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
