[xen staging-4.10] libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()
commit b413732087509fb15d6cf4373e0b2396ae4ee476
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Dec 19 20:32:20 2019 +0000
Commit: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
CommitDate: Tue May 5 15:47:23 2020 +0100
libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()
The current logic only works by chance, in that XSAVE records also tend to be
a multiple of 128. Implement the missing logic for XSAVE.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
(cherry picked from commit 2a62c22715bf81c5695ae0511f89a940c7c6a492)
(cherry picked from commit 0e2bbcf8b4fe6f5fd23a341848f3785c213b26bb)
(cherry picked from commit 288872ad3bb320bd9f31145d9bd4e53786fa3245)
(cherry picked from commit a58bba28da793da70b93b841289d99370800180c)
---
tools/libxc/xc_sr_restore_x86_pv.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/tools/libxc/xc_sr_restore_x86_pv.c
b/tools/libxc/xc_sr_restore_x86_pv.c
index f058a37a64..9d4c611bd5 100644
--- a/tools/libxc/xc_sr_restore_x86_pv.c
+++ b/tools/libxc/xc_sr_restore_x86_pv.c
@@ -824,6 +824,15 @@ static int handle_x86_pv_vcpu_blob(struct xc_sr_context
*ctx,
break;
case REC_TYPE_X86_PV_VCPU_XSAVE:
+ if ( blobsz < 128 )
+ {
+ ERROR("%s record too short: min %zu, got %u",
+ rec_name, sizeof(*vhdr) + 128, rec->length);
+ goto out;
+ }
+ break;
+
+ case REC_TYPE_X86_PV_VCPU_MSRS:
if ( blobsz % sizeof(xen_domctl_vcpu_msr_t) != 0 )
{
ERROR("%s record payload size %zu expected to be a multiple of
%zu",
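Review bot: the literal 128 in the new XSAVE case is a magic number that appears twice, in "if ( blobsz < 128 )" and in "sizeof(*vhdr) + 128", with no comment saying what those 128 bytes represent. A named constant, or a one-line comment on the minimum XSAVE blob layout, would keep the check and the error message from drifting apart. The case also enforces only a lower bound on blobsz. Since this data comes from a migration stream, it is worth confirming that an upper limit (and any alignment requirement) is enforced elsewhere in the function before the blob is used, or adding it here. Finally, the message prints rec->length with %u while the test is on blobsz. That is fine if blobsz is rec->length minus sizeof(*vhdr), but this relationship is not visible in the hunk, and the neighbouring MSRS message reports the payload size instead, so reporting blobsz in both would be more consistent.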
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.10