|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] libxenguest: Add missing range-check on count field read from a domain
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1182415659 -3600
# Node ID a83632dfbb28038ec4218e00f92ea220a85b6887
# Parent 11bf94b2d51a10980a88aa3ee0b3b8c6e14cbfe0
libxenguest: Add missing range-check on count field read from a domain
save/restore file.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
tools/libxc/xc_domain_restore.c | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff -r 11bf94b2d51a -r a83632dfbb28 tools/libxc/xc_domain_restore.c
--- a/tools/libxc/xc_domain_restore.c Wed Jun 20 19:31:37 2007 +0100
+++ b/tools/libxc/xc_domain_restore.c Thu Jun 21 09:47:39 2007 +0100
@@ -903,13 +903,14 @@ int xc_domain_restore(int xc_handle, int
/* Get the list of PFNs that are not in the psuedo-phys map */
{
- unsigned int count;
+ unsigned int count = 0;
unsigned long *pfntab;
int nr_frees, rc;
- if ( !read_exact(io_fd, &count, sizeof(count)) )
- {
- ERROR("Error when reading pfn count");
+ if ( !read_exact(io_fd, &count, sizeof(count)) ||
+ (count > (1U << 28)) ) /* up to 1TB of address space */
+ {
+ ERROR("Error when reading pfn count (= %u)", count);
goto out;
}
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |