Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-unstable] libxenguest: Add missing range-check on c

from [Xen patchbot-unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] libxenguest: Add missing range-check on count field read from a domain
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Jun 2007 05:03:24 -0700
Delivery-date: Thu, 21 Jun 2007 05:01:47 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1182415659 -3600
# Node ID a83632dfbb28038ec4218e00f92ea220a85b6887
# Parent  11bf94b2d51a10980a88aa3ee0b3b8c6e14cbfe0
libxenguest: Add missing range-check on count field read from a domain
save/restore file.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 tools/libxc/xc_domain_restore.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff -r 11bf94b2d51a -r a83632dfbb28 tools/libxc/xc_domain_restore.c
--- a/tools/libxc/xc_domain_restore.c   Wed Jun 20 19:31:37 2007 +0100
+++ b/tools/libxc/xc_domain_restore.c   Thu Jun 21 09:47:39 2007 +0100
@@ -903,13 +903,14 @@ int xc_domain_restore(int xc_handle, int
 
     /* Get the list of PFNs that are not in the psuedo-phys map */
     {
-        unsigned int count;
+        unsigned int count = 0;
         unsigned long *pfntab;
         int nr_frees, rc;
 
-        if ( !read_exact(io_fd, &count, sizeof(count)) )
-        {
-            ERROR("Error when reading pfn count");
+        if ( !read_exact(io_fd, &count, sizeof(count)) ||
+             (count > (1U << 28)) ) /* up to 1TB of address space */
+        {
+            ERROR("Error when reading pfn count (= %u)", count);
             goto out;
         }
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] libxenguest: Add missing range-check on count field read from a domain, Xen patchbot-unstable <=
Previous by Date:  [Xen-changelog] [xen-unstable] Rename ddc_info -> vbeddc_info in interface header., Xen patchbot-unstable
Next by Date:  [Xen-changelog] [linux-2.6.18-xen] linux/x86: Obtain EDD info from Xen, Xen patchbot-linux-2.6.18-xen
Previous by Thread:  [Xen-changelog] [xen-unstable] Rename ddc_info -> vbeddc_info in interface header., Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [linux-2.6.18-xen] linux/x86: Obtain EDD info from Xen, Xen patchbot-linux-2.6.18-xen
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy