projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 60172ef) | patch
tmem: consistently make pool_id a uint32_t
authorIan Campbell <ian.campbell@citrix.com>
Tue, 11 Sep 2012 12:06:43 +0000 (14:06 +0200)
committerIan Campbell <ian.campbell@citrix.com>
Tue, 11 Sep 2012 12:06:43 +0000 (14:06 +0200)
commitf14fc87af896228782ab5eaf174ce7eb27c0c4ca
tree1629dcb20e5f5b0a8af4a27dacbee48efc33f8eetree | snapshot
parent60172eff1eacf9fff67ee80857f8735a3664c831commit | diff
tmem: consistently make pool_id a uint32_t

Treating it as an int could allow a malicious guest to provide a
negative pool_Id, by passing the MAX_POOLS_PER_DOMAIN limit check and
allowing access to the negative offsets of the pool array.

This is part of XSA-15 / CVE-2012-3497.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
xen/common/tmem.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.