projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3b17e1a) | patch
ioemu: Fix PVFB backend to limit frame buffer size
authorKeir Fraser <keir.fraser@citrix.com>
Thu, 15 May 2008 08:36:38 +0000 (09:36 +0100)
committerKeir Fraser <keir.fraser@citrix.com>
Thu, 15 May 2008 08:36:38 +0000 (09:36 +0100)
commita2388da52dd1e3fa9cba5fc87d70e02648371aa4
tree4b5fe7c2e4fef5d9df900f87e399eb2dfc30dce4tree | snapshot
parent3b17e1a5e922889e35d36ded3b58d88b3817ac71commit | diff
ioemu: Fix PVFB backend to limit frame buffer size

The recent fix to validate the frontend's frame buffer description
neglected to limit the frame buffer size correctly.  This lets a
malicious frontend make the backend attempt to map an arbitrary amount
of guest memory, which could be useful for a denial of service attack
against dom0.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
tools/ioemu/hw/xenfb.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.