[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[win-pv-devel] [PATCH] Fix potential buffer overflow

To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
From: Paul Durrant <pdurrant@xxxxxxxxx>
Date: Tue, 14 Jul 2015 11:57:38 +0100
Cc: Paul Durrant <paul.durrant@xxxxxxxxxx>
Delivery-date: Tue, 14 Jul 2015 10:57:56 +0000
List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

The buffer allocation in FdoQueryDeviceRelations() is completely bogus. Fix
it.

Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
---
 src/xenvif/fdo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xenvif/fdo.c b/src/xenvif/fdo.c
index b903b09..aabc9c1 100644
--- a/src/xenvif/fdo.c
+++ b/src/xenvif/fdo.c
@@ -1632,7 +1632,7 @@ FdoQueryDeviceRelations(
          ListEntry = ListEntry->Flink)
         Count++;
 
-    Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) + (sizeof (DEVICE_OBJECT) * 
__min(Count, 1));
+    Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) + (sizeof (PDEVICE_OBJECT) 
* __max(Count, 1));
 
     Relations = ExAllocatePoolWithTag(PagedPool, Size, 'FIV');
 
-- 
2.1.1


_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel

Prev by Date: [win-pv-devel] [PATCH] Note lack of IPv6 addresses in the log
Next by Date: [win-pv-devel] [PATCH] Fix potential buffer overflow
Previous by thread: [win-pv-devel] [PATCH] Note lack of IPv6 addresses in the log
Next by thread: [win-pv-devel] [PATCH] Fix potential buffer overflow
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.