Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366



On Tuesday, 1. May 2007, Christian Limpach wrote:
> On 5/1/07, S.Çağlar Onur <caglar@xxxxxxxxxxxxx> wrote:
> > Hi;
> >
> > If anybody is interested, the attached patch (against 3.0.4) fixes
> > CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323 and
> > CVE-2007-1366, which affect qemu and also seem valid for xen.
>
> I've seen this patch before and I picked the most relevant fixes,
> cleaned them up and checked them in a while ago.  I left out the ones
> which touch code we don't compile and the ones which touch code we
> don't enable by default.  If somebody else cleans up those, it would
> be great to get them checked in.
>
> We have the first check to bdrv_write in block.c and we have the same
> check in bdrv_read -- we don't have that unsigned int ns < 0 check.
>
> We have a fix for the cirrus bitblit issue -- I think the fix in the
> patch you post actually doesn't cover all cases.
>
> We have the hw/dma.c null pointer check.
>
> We don't have the hw/fdc.c null pointer check.  We should probably
> add that one.
>
> We don't have the hw/i8259.c change since we don't use that file.
>
> We don't have the hw/ne2000.c change since we use the rtl8139 driver
> by default -- could add that one.
>
> We don't have the hw/pc.c change since exit'ing seems safer.
>
> We don't have the hw/sb16.c change since we don't have sound by
> default -- we should probably add that one.
>
> We don't have the target-i386/translate.c changes since we don't use
> that file.
>
> We don't have the vl.c changes since we only use the network tap
> mode.

How much cleaning would the remaining fixes need? I've re-attached the 
patch proposed by S.Çağlar Onur, with those issues fixed in 3.1.0 
removed and only including those you marked "should/could add".

Regards,
Robert

Attachment: ioemu.patch
Description: Text Data
