[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[win-pv-devel] [PATCH] Fix potential buffer overflow



The buffer allocation in FdoQueryDeviceRelations() is completely bogus. Fix
it.

Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
---
 src/xenvif/fdo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xenvif/fdo.c b/src/xenvif/fdo.c
index b903b09..aabc9c1 100644
--- a/src/xenvif/fdo.c
+++ b/src/xenvif/fdo.c
@@ -1632,7 +1632,7 @@ FdoQueryDeviceRelations(
          ListEntry = ListEntry->Flink)
         Count++;
 
-    Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) + (sizeof (DEVICE_OBJECT) * 
__min(Count, 1));
+    Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) + (sizeof (PDEVICE_OBJECT) 
* __max(Count, 1));
 
     Relations = ExAllocatePoolWithTag(PagedPool, Size, 'FIV');
 
-- 
2.1.1


_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.