[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 04/11] tmem: check for a valid client ("domain") in the save subops

This is part of XSA-15 / CVE-2012-3497.

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -2379,12 +2379,18 @@ static NOINLINE int tmemc_save_subop(int
         rc = MAX_POOLS_PER_DOMAIN;
         break;
     case TMEMC_SAVE_GET_CLIENT_WEIGHT:
+        if ( client == NULL )
+            break;
         rc = client->weight == -1 ? -2 : client->weight;
         break;
     case TMEMC_SAVE_GET_CLIENT_CAP:
+        if ( client == NULL )
+            break;
         rc = client->cap == -1 ? -2 : client->cap;
         break;
     case TMEMC_SAVE_GET_CLIENT_FLAGS:
+        if ( client == NULL )
+            break;
         rc = (client->compress ? TMEM_CLIENT_COMPRESS : 0 ) |
              (client->was_frozen ? TMEM_CLIENT_FROZEN : 0 );
         break;
@@ -2408,6 +2414,8 @@ static NOINLINE int tmemc_save_subop(int
         *uuid = pool->uuid[1];
         rc = 0;
     case TMEMC_SAVE_END:
+        if ( client == NULL )
+            break;
         client->live_migrating = 0;
         if ( !list_empty(&client->persistent_invalidated_list) )
             list_for_each_entry_safe(pgp,pgp2,

Attachment: tmem-xsa-15-4
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.