WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-devel

[Top] [All Lists]

[Xen-devel] [PATCH] Out of bound check in bind_virq (trivial)

from [Grzegorz Milos]

[Permanent Link][Original]

To:	xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject:	[Xen-devel] [PATCH] Out of bound check in bind_virq (trivial)
From:	Grzegorz Milos <gm281@xxxxxxxxx>
Date:	Thu, 06 Oct 2005 19:16:29 +0100
Delivery-date:	Thu, 06 Oct 2005 18:14:25 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mozilla Thunderbird 1.0.2 (X11/20050317)

Here is a trivial patch that adds a domain->vcpu array out of boundcheck (without it I managed to take whole Xen down by trying to run abuggy domain).


Cheers
Gregor

# HG changeset patch
# User gmilos@xxxxxxxxxxxxxxxxxxxxx
# Node ID 0c6432737d58f7276a3f60322123f3d967b23f91
# Parent  76a7a7aa27e40022fbfeacdd8d6ed9395e875894
Added missing array out of bound check for d->vcpu.
Signed-off-by: Grzegorz Milos <gm281@xxxxxxxxx>

diff -r 76a7a7aa27e4 -r 0c6432737d58 xen/common/event_channel.c
--- a/xen/common/event_channel.c        Thu Oct  6 16:02:38 2005
+++ b/xen/common/event_channel.c        Thu Oct  6 18:08:04 2005
@@ -269,7 +269,8 @@
     if ( virq >= ARRAY_SIZE(v->virq_to_evtchn) )
         return -EINVAL;
 
-    if ( (v = d->vcpu[bind->vcpu]) == NULL )
+    if ( bind->vcpu >= ARRAY_SIZE(d->vcpu) || 
+            (v = d->vcpu[bind->vcpu]) == NULL )
         return -ENOENT;
 
     spin_lock(&d->evtchn_lock);

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [PATCH] Out of bound check in bind_virq (trivial), Grzegorz Milos <=

Previous by Date:	Re: [Xen-devel] Re: bad ip checksums, Chris Bainbridge
Next by Date:	Re: [Xen-devel] xen_blk timeout connecting to device, Ewan Mellor
Previous by Thread:	[Xen-devel] network & block device setup via udev, Gerd Knorr
Next by Thread:	[Xen-devel] Xen unstable/SuSE 9.3 install issue, benjamin
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix