xen-devel

Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322

To: xen-devel@xxxxxxxxxxxxxxxxxxx, Christian.Limpach@xxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
From: Robert Buchholz <rbu@xxxxxxxxxx>
Date: Wed, 26 Sep 2007 00:45:48 +0200
Cc: caglar@xxxxxxxxxxxxx
On Tuesday, 1. May 2007, Christian Limpach wrote:
> On 5/1/07, S.Çağlar Onur <caglar@xxxxxxxxxxxxx> wrote:
> > Hi;
> >
> > If anybody is interested, the attached patch (against 3.0.4) fixes
> > CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323 and
> > CVE-2007-1366, which affect qemu and also seem valid for xen.
>
> I've seen this patch before and I picked the most relevant fixes,
> cleaned them up and checked them in a while ago.  I left out the ones
> which touch code we don't compile and the ones which touch code we
> don't enable by default.  If somebody else cleans up those, it would
> be great to get them checked in.
>
> We have the first check to bdrv_write in block.c and we have the same
> check in bdrv_read -- we don't have that unsigned int ns < 0 check.
>
> We have a fix for the cirrus bitblit issue -- I think the fix in the
> patch you post actually doesn't cover all cases.
>
> We have the hw/dma.c null pointer check.
>
> We don't have the hw/fdc.c null pointer check.  We should probably
> add that one.
>
> We don't have the hw/i8259.c change since we don't use that file.
>
> We don't have the hw/ne2000.c change since we use the rtl8139 driver
> by default -- could add that one.
>
> We don't have the hw/pc.c change since exit'ing seems safer.
>
> We don't have the hw/sb16.c change since we don't have sound by
> default -- we should probably add that one.
>
> We don't have the target-i386/translate.c changes since we don't use
> that file.
>
> We don't have the vl.c changes since we only use the network tap
> mode.

How much cleaning would the remaining fixes need? I've re-attached the 
patch proposed by S.Çağlar Onur, with those issues fixed in 3.1.0 
removed and only including those you marked "should/could add".

Regards,
Robert

Attachment: ioemu.patch
Description: Text Data
