
[Xen-changelog] [xen-unstable] ioemu: security fixes for not-built or no

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] ioemu: security fixes for not-built or not-default-configured subsystems.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Sep 2007 15:50:09 -0700
Delivery-date: Wed, 26 Sep 2007 15:50:39 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1190794752 -3600
# Node ID 0b873d909ad30e554a3ffebf14176e7257a3e023
# Parent  3c1e76dda38b2e584637a3acdb0b7d14eefd2024
ioemu: security fixes for not-built or not-default-configured subsystems.

Patches originally proposed by S. Caglar Onur and cleaned up for
xen-unstable by Robert Buchholz <rbu@xxxxxxxxxx>.

Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 tools/ioemu/hw/fdc.c    |    9 +++++++--
 tools/ioemu/hw/ne2000.c |    8 ++++++--
 tools/ioemu/hw/sb16.c   |    6 ++++--
 3 files changed, 17 insertions(+), 6 deletions(-)

diff -r 3c1e76dda38b -r 0b873d909ad3 tools/ioemu/hw/fdc.c
--- a/tools/ioemu/hw/fdc.c      Wed Sep 26 09:15:34 2007 +0100
+++ b/tools/ioemu/hw/fdc.c      Wed Sep 26 09:19:12 2007 +0100
@@ -1100,8 +1100,13 @@ static uint32_t fdctrl_read_data (fdctrl
             len = fdctrl->data_len - fdctrl->data_pos;
             if (len > FD_SECTOR_LEN)
                 len = FD_SECTOR_LEN;
-            bdrv_read(cur_drv->bs, fd_sector(cur_drv),
-                      fdctrl->fifo, len);
+            if (cur_drv->bs) {
+                bdrv_read(cur_drv->bs, fd_sector(cur_drv),
+                          fdctrl->fifo, len);
+            } else {
+                FLOPPY_ERROR("can't read data from drive\n");
+                return 0;
+            }
         }
     }
     retval = fdctrl->fifo[pos];
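Review bot: The new `if (cur_drv->bs)` branch still discards the return value of `bdrv_read()`, so a failed read leaves the previous contents of `fdctrl->fifo` in place and `retval = fdctrl->fifo[pos]` hands those stale bytes to the guest. Checking the result and clearing the buffer on error would close that, e.g. `if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, len) < 0) memset(fdctrl->fifo, 0, FD_SECTOR_LEN);`. It is also worth confirming against the prototype whether the last argument is a byte count or a sector count, since `len` here is a byte length capped at FD_SECTOR_LEN and the destination is the FIFO. fdctrl_read_data starts before and continues past this hunk, so the computation of `pos` is not visible here.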
diff -r 3c1e76dda38b -r 0b873d909ad3 tools/ioemu/hw/ne2000.c
--- a/tools/ioemu/hw/ne2000.c   Wed Sep 26 09:15:34 2007 +0100
+++ b/tools/ioemu/hw/ne2000.c   Wed Sep 26 09:19:12 2007 +0100
@@ -252,7 +252,7 @@ static void ne2000_receive(void *opaque,
 {
     NE2000State *s = opaque;
     uint8_t *p;
-    int total_len, next, avail, len, index, mcast_idx;
+    unsigned int total_len, next, avail, len, index, mcast_idx;
     uint8_t buf1[60];
     static const uint8_t broadcast_macaddr[6] = 
         { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
@@ -327,7 +327,11 @@ static void ne2000_receive(void *opaque,
 
     /* write packet data */
     while (size > 0) {
-        avail = s->stop - index;
+        /* taviso: this can wrap, so check its okay. */
+        if (index <= s->stop)
+            avail = s->stop - index;
+        else
+            avail = 0;
         len = size;
         if (len > avail)
             len = avail;
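Review bot: Clamping `avail` to 0 when `index > s->stop` stops the oversized copy, but it also makes `len` 0, and if the rest of the loop body (outside this hunk) only advances `size` and `index` by `len`, then `while (size > 0)` never terminates and the device model spins on a bad ring state. Leaving the loop instead of continuing with a zero-length chunk avoids that: `else break;` in place of `else avail = 0;`. Validating `index` against the ring bounds once, before the loop, would handle the bad state at its source. The loop body continues past the end of the hunk, so this should be checked against the full function.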
diff -r 3c1e76dda38b -r 0b873d909ad3 tools/ioemu/hw/sb16.c
--- a/tools/ioemu/hw/sb16.c     Wed Sep 26 09:15:34 2007 +0100
+++ b/tools/ioemu/hw/sb16.c     Wed Sep 26 09:19:12 2007 +0100
@@ -1235,8 +1235,10 @@ static int SB_read_DMA (void *opaque, in
             s->block_size);
 #endif
 
-    while (s->left_till_irq <= 0) {
-        s->left_till_irq = s->block_size + s->left_till_irq;
+    if (s->block_size) {
+        while (s->left_till_irq <= 0) {
+            s->left_till_irq = s->block_size + s->left_till_irq;
+        }
     }
 
     return dma_pos;
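Review bot: The new guard only excludes `s->block_size == 0`. The field's type is not visible in this hunk, but if it is a signed int that can become negative, `left_till_irq` moves further below zero on every pass and the loop still does not end short of signed overflow. `if (s->block_size > 0) {` covers both cases. SB_read_DMA begins above the hunk, so where `block_size` is set and bounded cannot be checked from here.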
