Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] Check set_gdt() bounds before copy_from_user.

from [BitKeeper Bot] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] Check set_gdt() bounds before copy_from_user.
From: BitKeeper Bot <riel@xxxxxxxxxxx>
Date: Mon, 27 Jun 2005 20:17:02 +0000
Cc: james@xxxxxxxxxxxxx
Delivery-date: Mon, 27 Jun 2005 21:01:00 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: Xen Development List <xen-devel@xxxxxxxxxxxxxxxxxxx>
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
ChangeSet 1.1760, 2005/06/27 21:17:02+01:00, kaf24@xxxxxxxxxxxxxxxxxxxx

        Check set_gdt() bounds before copy_from_user.
        Signed-off-by: Chris Wright <chrisw@xxxxxxxx>



 mm.c |    4 ++++
 1 files changed, 4 insertions(+)


diff -Nru a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c 2005-06-27 17:02:12 -04:00
+++ b/xen/arch/x86/mm.c 2005-06-27 17:02:12 -04:00
@@ -2442,6 +2442,10 @@
     unsigned long frames[16];
     long ret;
 
+    /* Rechecked in set_gdt, but ensures a sane limit for copy_from_user(). */
+    if ( entries > FIRST_RESERVED_GDT_ENTRY )
+        return -EINVAL;
+    
     if ( copy_from_user(frames, frame_list, nr_pages * sizeof(unsigned long)) )
         return -EFAULT;
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] Check set_gdt() bounds before copy_from_user., BitKeeper Bot <=
Previous by Date:  [Xen-changelog] This patch adapts the Java Policy Processor to the default ssid change of, BitKeeper Bot
Next by Date:  [Xen-changelog] convert some use of "if (condition) BUG()" to "BUG_ON(condition)" in netback driver., BitKeeper Bot
Previous by Thread:  [Xen-changelog] This patch adapts the Java Policy Processor to the default ssid change of, BitKeeper Bot
Next by Thread:  [Xen-changelog] convert some use of "if (condition) BUG()" to "BUG_ON(condition)" in netback driver., BitKeeper Bot
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy