[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 19/21] DRAFT libxc: check return values from malloc



Ian Jackson writes ("[PATCH 19/21] DRAFT libxc: check return values from 
malloc"):
> *** DRAFT ONLY ***
> This is a direct backport of the 4.2 patch.  I have not rerun the
> search yet, and need to do so.

I have finished this grep and found one that additional obvious change
was needed.  I will include this in v8 of my 4.1 backports.

Ian.

commit 0ed45ae28bf70cee5400ce8251577d264880489d
Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date:   Thu Jun 13 16:52:48 2013 +0100

    xc_flask_access

diff --git a/.topmsg b/.topmsg
index 988c545..6c3ca79 100644
--- a/.topmsg
+++ b/.topmsg
@@ -1,11 +1,5 @@
 From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
-Subject: DRAFT libxc: check return values from malloc
-
-
-*** DRAFT ONLY ***
-This is a direct backport of the 4.2 patch.  I have not rerun the
-search yet, and need to do so.
-
+Subject: libxc: check return values from malloc
 
 A sufficiently malformed input to libxc (such as a malformed input ELF
 or other guest-controlled data) might cause one of libxc's malloc() to
@@ -28,6 +22,9 @@ Changes in the Xen 4.2 version of this series:
 * No need to fix code relating to superpage support.
 * Additionally fix `dom->p2m_host = xc_dom_malloc...' in xc_dom_ia64.c.
 
+Changes in the Xen 4.1 version of this series:
+* An additional check is needed in xc_flask.c:xc_flask_access.
+
 This is part of the fix to a security issue, XSA-55.
 
 Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
diff --git a/tools/libxc/xc_flask.c b/tools/libxc/xc_flask.c
index 27794a8..78c243c 100644
--- a/tools/libxc/xc_flask.c
+++ b/tools/libxc/xc_flask.c
@@ -284,6 +284,8 @@ int xc_flask_access(xc_interface *xc_handle, const char 
*scon, const char *tcon,
         MAX_SHORT_DEC_LEN + 1 +
         sizeof(req)*2 + 1;
     buf = malloc(bufLen);
+    if ( buf == NULL )
+        return -ENOMEM;
     snprintf(buf, bufLen, "%s %s %hu %x", scon, tcon, tclass, req);
 
     op.cmd = FLASK_ACCESS;

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.