bitkeeper revision 1.1760 (42c05ebeLIfrneiw1jaZMwle-z9usw)

author kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>

Mon, 27 Jun 2005 20:17:02 +0000 (20:17 +0000)

committer kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>

Mon, 27 Jun 2005 20:17:02 +0000 (20:17 +0000)
author kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Mon, 27 Jun 2005 20:17:02 +0000 (20:17 +0000)
committer kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Mon, 27 Jun 2005 20:17:02 +0000 (20:17 +0000)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c

index 52b404890975c77d2aa9c93ae73be081c1d770de..06e47e5eea97563980ca10acbe31abc8b775921b 100644 (file)
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2442,6 +2442,10 @@ long do_set_gdt(unsigned long *frame_list, unsigned int entries)
      unsigned long frames[16];
      long ret;
  
+    /* Rechecked in set_gdt, but ensures a sane limit for copy_from_user(). */
+    if ( entries > FIRST_RESERVED_GDT_ENTRY )
+        return -EINVAL;
+    
      if ( copy_from_user(frames, frame_list, nr_pages * sizeof(unsigned long)) )
          return -EFAULT;
author	kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
	Mon, 27 Jun 2005 20:17:02 +0000 (20:17 +0000)
committer	kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
	Mon, 27 Jun 2005 20:17:02 +0000 (20:17 +0000)