projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 41a0cc9) | patch
tools: xenstored: if the reply is too big then send E2BIG error
authorIan Jackson <ian.jackson@eu.citrix.com>
Tue, 29 Oct 2013 15:45:53 +0000 (15:45 +0000)
committerIan Jackson <Ian.Jackson@eu.citrix.com>
Tue, 29 Oct 2013 15:45:53 +0000 (15:45 +0000)
commit8b2c441a1b53a43a38b3c517e28f239da3349872
treefdc5f3f8b1235174281e53b128abf407ae232b45tree | snapshot
parent41a0cc9e26160a89245c9ba3233e3f70bf9cd4b4commit | diff
tools: xenstored: if the reply is too big then send E2BIG error

This fixes the issue for both C and ocaml xenstored, however only the ocaml
xenstored is vulnerable in its default configuration.

Adding a new error appears to be safe, since bit libxenstore and the Linux
driver at least treat an unknown error code as EINVAL.

This is XSA-72 / CVE-2013-4416.

Original ocaml patch by Jerome Maloberti <jerome.maloberti@citrix.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Thomas Sanders <thomas.sanders@citrix.com>
tools/ocaml/xenstored/connection.ml diff | blob | history
tools/xenstore/xenstored_core.c diff | blob | history
xen/include/public/io/xs_wire.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.