
Re: [Xen-devel] [PATCH 18/21] libxc: Add range checking to xc_dom_binloader



Matthew Daley writes ("Re: [PATCH 18/21] libxc: Add range checking to 
xc_dom_binloader"):
> On Fri, Jun 7, 2013 at 6:52 AM, Ian Jackson <ian.jackson@xxxxxxxxxxxxx> wrote:
> > This is a simple binary image loader with its own metadata format.
> > However, it is too careless with image-supplied values.
> >
> > Add the following checks:
> >
> >  * That the image is bigger than the metadata table; otherwise the
> >    pointer arithmetic to calculate the metadata table location may
> >    yield undefined and dangerous values.
> >
> >  * When clamping the end of the region to search, that we do not
> >    calculate pointers before the beginning of the image.
> 
> Don't you mean after the end of the image? I can't reconcile this bit
> with the actual patch.

You're right.

> > +    if ( image_size < skip ||
> > +         image_size - skip < text_size )
> > +    {
> > +        DOMPRINTF("%s: image is too small for declared text size",
> > +                  __FUNCTION__);
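Review bot: In the error branch that starts at the DOMPRINTF call, the quoted lines show only a log message and no return, so as shown the loader would log the problem and then carry on with a text_size larger than the image holds; return an error code right after the message. The order of the two conditions is correct and should be kept: testing image_size < skip first is what keeps image_size - skip from wrapping if these are unsigned. Consider also printing image_size, skip and text_size in the message so a rejected image can be diagnosed from the log.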
> 
> return -EINVAL (or similar) is needed here.

Oops.

Ian.
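
The checks listed in the quoted commit message, as an added example that is not the libxc code or part of this thread: a table search that refuses images smaller than the table, clamps the search end inside the image, and fails closed on out-of-range sizes. The struct layout, `IMG_MAGIC`, `SEARCH_LIMIT` and `find_table` are hypothetical names chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical metadata table: layout, magic and limit are assumptions. */
struct img_table {
    uint32_t magic;
    uint32_t skip;       /* image-supplied offset of the text from image start */
    uint32_t text_size;  /* image-supplied length of the text */
};
#define IMG_MAGIC    0x494d4754u
#define SEARCH_LIMIT 8192u

/* Returns the table offset, or -1 if it is absent or its values are out of range. */
long find_table(const uint8_t *image, size_t image_size)
{
    struct img_table t;
    size_t last, off;

    /* The image must hold at least one table, or the subtraction below wraps. */
    if ( image_size < sizeof(t) )
        return -1;

    /* Clamp the search end so a table starting at 'last' still ends inside the image. */
    last = image_size - sizeof(t);
    if ( last > SEARCH_LIMIT )
        last = SEARCH_LIMIT;

    for ( off = 0; off <= last; off += 4 )
    {
        memcpy(&t, image + off, sizeof(t));   /* copy out: no unaligned reads */
        if ( t.magic != IMG_MAGIC )
            continue;
        /* Rule out wraparound first, then compare by subtraction, and fail closed. */
        if ( image_size < t.skip || image_size - t.skip < t.text_size )
            return -1;
        return (long)off;
    }
    return -1;
}

int main(void)
{
    uint8_t buf[64] = { 0 };                     /* constructed sample image */
    struct img_table t = { IMG_MAGIC, 32, 16 };
    memcpy(buf + 8, &t, sizeof(t));
    printf("full image: %ld, truncated to 40 bytes: %ld\n",
           find_table(buf, sizeof(buf)), find_table(buf, 40));
    return 0;
}
```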
