[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
commit 5d5c09d853d3f212861f70c577c65d1703f752ae Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Thu Jun 11 14:44:12 2015 +0200 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Jun 11 14:44:12 2015 +0200 gnttab: add missing version check to GNTTABOP_swap_grant_ref handling ... avoiding NULL derefs when the version to use wasn't set yet (via GNTTABOP_setup_table or GNTTABOP_set_version). This is CVE-2015-4163 / XSA-134. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> --- xen/common/grant_table.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index dfb45f8..ca4c973 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -2592,6 +2592,9 @@ __gnttab_swap_grant_ref(grant_ref_t ref_a, grant_ref_t ref_b) spin_lock(>->lock); + if ( gt->gt_version == 0 ) + PIN_FAIL(out, GNTST_general_error, "grant table not yet set up\n"); + /* Bounds check on the grant refs */ if ( unlikely(ref_a >= nr_grant_entries(d->grant_table))) PIN_FAIL(out, GNTST_bad_gntref, "Bad ref-a (%d).\n", ref_a); -- generated by git-patchbot for /home/xen/git/xen.git#master _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |