projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 53bfcf5) | patch
libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
authorIan Jackson <ian.jackson@eu.citrix.com>
Fri, 14 Jun 2013 15:39:34 +0000 (16:39 +0100)
committerIan Jackson <Ian.Jackson@eu.citrix.com>
Fri, 14 Jun 2013 15:39:34 +0000 (16:39 +0100)
commitb5a869209998fedadfe205d37addbd50a802998b
tree4999ff71260c57b36a0d60ee86f7c2e3e05bab63tree | snapshot
parent53bfcf585b09eb4ac2240f89d1ade77421cd2451commit | diff
libxc: Fix range checking in xc_dom_pfn_to_ptr etc.

* Ensure that xc_dom_pfn_to_ptr (when called with count==0) does not
  return a previously-allocated block which is entirely before the
  requested pfn (!)

* Provide a version of xc_dom_pfn_to_ptr, xc_dom_pfn_to_ptr_retcount,
  which provides the length of the mapped region via an out parameter.

* Change xc_dom_vaddr_to_ptr to always provide the length of the
  mapped region and change the call site in xc_dom_binloader.c to
  check it.  The call site in xc_dom_load_elf_symtab will be corrected
  in a forthcoming patch, and for now ignores the returned length.

This is part of the fix to a security issue, XSA-55.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
v5: This patch is new in v5 of the series.
tools/libxc/xc_dom.h diff | blob | history
tools/libxc/xc_dom_binloader.c diff | blob | history
tools/libxc/xc_dom_core.c diff | blob | history
tools/libxc/xc_dom_elfloader.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.