
Re: [Xen-devel] XSA-155: _apparently_ missing blktap1 fix (up to 4.5)

>>> On 04.03.16 at 15:09, <konrad.wilk@xxxxxxxxxx> wrote:
> On Fri, Mar 04, 2016 at 01:21:19AM -0700, Jan Beulich wrote:
>> In the course of backporting other XSA fixes to very old trees I had
>> noticed that the XSA-155 had shrunk to just the change to
>> xen/include/public/io/ring.h at some point, which didn't seem right.
>> Clearly up to 4.5 the situation of blktap1 is the same as that of
>> blktap2, i.e. one would think it also needs to be fixed. However, in
>> the course of doing so I stumbled across the code blindly using
>> req->id as an array index (which similarly is the case for blktap2).
>> That alone would be another security issue, if only the first change
> Yes. We fixed that in blkback some time ago, but yes that code base
> has some quite errant bugs in it.
> Would love to say I can fix them, but the TODO list is getting
> a bit long.

But my point was - there is (and was) nothing to fix there.

