[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.11] EFI: don't leak heap contents through XEN_EFI_get_next_variable_name
commit 8348cc77e6744a377ffd52c914f08e0dcc4074b6 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Thu Mar 5 11:33:59 2020 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Mar 5 11:33:59 2020 +0100 EFI: don't leak heap contents through XEN_EFI_get_next_variable_name Commit 1f4eb9d27d0e ("EFI: fix getting EFI variable list on some systems") switched to using the caller provided size for the copy-out without making sure the copied buffer is properly scrubbed. Reported-by: Ilja Van Sprundel <ivansprundel@xxxxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: George Dunlap <george.dunlap@xxxxxxxxxx> master commit: 4783ee894f6bfb0f4deec9f1fe8e7faceafaa1a2 master date: 2020-02-06 09:52:33 +0100 --- xen/common/efi/runtime.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c index 2427d22ab3..06c405700b 100644 --- a/xen/common/efi/runtime.c +++ b/xen/common/efi/runtime.c @@ -576,7 +576,7 @@ int efi_runtime_call(struct xenpf_efi_runtime_call *op) return -EINVAL; size = op->u.get_next_variable_name.size; - name.raw = xmalloc_bytes(size); + name.raw = xzalloc_bytes(size); if ( !name.raw ) return -ENOMEM; if ( copy_from_guest(name.raw, op->u.get_next_variable_name.name, -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.11 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |