lzo: properly check for overruns
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 3 Jul 2014 14:39:30 +0000 (16:39 +0200)
committer Jan Beulich <jbeulich@suse.com>
Thu, 3 Jul 2014 14:39:30 +0000 (16:39 +0200)
commit 504f70b624063bbb32d43cdfe6e8409eaac1fa8e
tree 34317cab610e5da89e64c1dce36fbcfc984e69a1
parent 447f613c54041e78f04ecbbfea42120ab6c76974
lzo: properly check for overruns

The lzo decompressor can, if given some really crazy data, possibly
overrun some variable types.  Modify the checking logic to properly
detect overruns before they happen.

Reported-by: "Don A. Bailey" <donb@securitymouse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Original Linux commit: 206a81c18401c0cde6e579164f752c4b147324ce.

This is CVE-2014-4607 (but not a security issue in Xen, since the code
is only used for loading the Dom0 kernel and _inside_ an eventual DomU
for loading its kernel).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/common/lzo.c
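
The class of check the commit message describes (detecting an overrun before it happens) is sketched below as an added example; it is not code from this commit or from xen/common/lzo.c. All function names are hypothetical, offsets stand in for the decompressor's pointers so the wraparound is well-defined, and the zero-run length encoding in `decode_len` is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative only: hypothetical names, not taken from xen/common/lzo.c. */

/* Unsafe form: "cur + t + x" is evaluated first and can wrap past zero,
 * so a huge length taken from the input appears to fit in the buffer. */
static int fits_naive(size_t cur, size_t end, size_t t, size_t x)
{
    return cur + t + x <= end;
}

/* Overrun-safe form: reject a wrapped sum, then compare against the
 * space remaining, which cannot overflow once cur <= end is known. */
static int fits_checked(size_t cur, size_t end, size_t t, size_t x)
{
    size_t need = t + x;
    if (need < t)
        return 0;               /* t + x wrapped around */
    if (cur > end)
        return 0;
    return end - cur >= need;
}

/* Length decoder for an assumed zero-run extension: each 0x00 byte adds
 * 255 and the terminating byte adds its own value. Returns 0 on success,
 * -1 if the input ends early or the length would exceed `limit`.
 * Invariant: t <= limit, so "limit - t" never underflows. */
static int decode_len(const uint8_t *in, size_t in_len, size_t limit,
                      size_t *len_out, size_t *used_out)
{
    size_t t = 0, i = 0;
    while (i < in_len && in[i] == 0) {
        if (limit - t < 255)    /* check before adding, not after */
            return -1;
        t += 255;
        i++;
    }
    if (i == in_len || limit - t < in[i])
        return -1;
    t += in[i++];
    *len_out = t;
    *used_out = i;
    return 0;
}
```

With a length near `SIZE_MAX`, `fits_naive` accepts the request because the sum wraps to a small value, while `fits_checked` rejects it.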