[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.5] gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
commit fcfbdb43336a8c1f1c9f34940eeb5fab4ef1760c Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Thu Jun 11 14:56:38 2015 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Jun 11 14:56:38 2015 +0200 gnttab: add missing version check to GNTTABOP_swap_grant_ref handling ... avoiding NULL derefs when the version to use wasn't set yet (via GNTTABOP_setup_table or GNTTABOP_set_version). This is CVE-2015-4163 / XSA-134. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> master commit: 5d5c09d853d3f212861f70c577c65d1703f752ae master date: 2015-06-11 14:44:12 +0200 --- xen/common/grant_table.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index fe52b63..935034c 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -2449,6 +2449,9 @@ __gnttab_swap_grant_ref(grant_ref_t ref_a, grant_ref_t ref_b) spin_lock(>->lock); + if ( gt->gt_version == 0 ) + PIN_FAIL(out, GNTST_general_error, "grant table not yet set up\n"); + /* Bounds check on the grant refs */ if ( unlikely(ref_a >= nr_grant_entries(d->grant_table))) PIN_FAIL(out, GNTST_bad_gntref, "Bad ref-a (%d).\n", ref_a); -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.5 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |