|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] Check set_gdt() bounds before copy_from_user.
ChangeSet 1.1760, 2005/06/27 21:17:02+01:00, kaf24@xxxxxxxxxxxxxxxxxxxx
Check set_gdt() bounds before copy_from_user.
Signed-off-by: Chris Wright <chrisw@xxxxxxxx>
mm.c | 4 ++++
1 files changed, 4 insertions(+)
diff -Nru a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c 2005-06-27 17:02:12 -04:00
+++ b/xen/arch/x86/mm.c 2005-06-27 17:02:12 -04:00
@@ -2442,6 +2442,10 @@
unsigned long frames[16];
long ret;
+ /* Rechecked in set_gdt, but ensures a sane limit for copy_from_user(). */
+ if ( entries > FIRST_RESERVED_GDT_ENTRY )
+ return -EINVAL;
+
if ( copy_from_user(frames, frame_list, nr_pages * sizeof(unsigned long)) )
return -EFAULT;
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |