libxc: [CVE-2011-1583] pv kernel image validation

The functions which interpret the kernel image supplied for a
paravirtualised guest, and decompress it into memory when booting the
domain, are incautious. Specifically:

(i) Integer overflow in the decompression loop memory allocator might
result in overrunning the buffer used for the decompressed image;

(ii) Integer overflows and lack of checking of certain length fields
can result in the loader reading its own address space beyond the
size of the supplied kernel image file.

(iii) Lack of error checking in the decompression loop can lead to an
infinite loop.

This patch fixes these problems.

CVE-2011-1583.

Signed-off-by: Ian Campbell <Ian.Campbell@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
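
The three checks named in (i)-(iii) above, as an added example that is not the libxc code or part of this commit: a length-field range check, a buffer growth step that cannot wrap, and a decompression loop that checks every step result. All names (range_in_image, grow_buffer, struct fake, fake_step, decompress_all) and the constructed decoder are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* (ii) [off, off+len) must lie inside the file; subtracting cannot wrap. */
static int range_in_image(size_t image_len, uint64_t off, uint64_t len)
{
    return off <= image_len && len <= image_len - off;
}

/* (i) Double the buffer, refusing to wrap or to exceed max_cap. */
static int grow_buffer(unsigned char **buf, size_t *cap, size_t max_cap)
{
    size_t new_cap = *cap ? *cap * 2 : 16;
    unsigned char *p;
    if (*cap > SIZE_MAX / 2 || new_cap > max_cap) return -1;
    if ((p = realloc(*buf, new_cap)) == NULL) return -1;
    *buf = p; *cap = new_cap;
    return 0;
}

/* Constructed stand-in decoder: >0 bytes written, 0 at end, <0 on error. */
struct fake { size_t left; int corrupt; };
static long fake_step(struct fake *f, unsigned char *out, size_t room)
{
    size_t n = f->left < room ? f->left : room;
    if (f->corrupt) return -1;
    memset(out, 'A', n);
    f->left -= n;
    return (long)n;
}

/* (iii) Each step result is checked; errors and runaway output end the loop. */
static int decompress_all(struct fake *f, size_t max_out,
                          unsigned char **out, size_t *out_len)
{
    size_t cap = 0, used = 0;
    long n;
    for (*out = NULL;;) {
        if (used == cap && grow_buffer(out, &cap, max_out) != 0) break;
        n = fake_step(f, *out + used, cap - used);
        if (n == 0) { *out_len = used; return 0; }
        if (n < 0 || (size_t)n > cap - used) break;
        used += (size_t)n;
    }
    free(*out);
    *out = NULL;
    return -1;
}
```

The max_out cap bounds both memory use and the number of loop iterations, so a stream that never signals end of data fails cleanly.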