direct-io.hg

changeset 15410:a83632dfbb28

libxenguest: Add missing range-check on count field read from a domain
save/restore file.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Thu Jun 21 09:47:39 2007 +0100 (2007-06-21)
parents 11bf94b2d51a
children 5ec34f7f31ab
files tools/libxc/xc_domain_restore.c
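--- a/tools/libxc/xc_domain_restore.c	Wed Jun 20 19:31:37 2007 +0100
+++ b/tools/libxc/xc_domain_restore.c	Thu Jun 21 09:47:39 2007 +0100
@@ -903,13 +903,14 @@ int xc_domain_restore(int xc_handle, int
 
     /* Get the list of PFNs that are not in the psuedo-phys map */
     {
-        unsigned int count;
+        unsigned int count = 0;
         unsigned long *pfntab;
         int nr_frees, rc;
 
-        if ( !read_exact(io_fd, &count, sizeof(count)) )
+        if ( !read_exact(io_fd, &count, sizeof(count)) ||
+             (count > (1U << 28)) ) /* up to 1TB of address space */
         {
-            ERROR("Error when reading pfn count");
+            ERROR("Error when reading pfn count (= %u)", count);
             goto out;
         }
 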
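Review bot: The new upper bound on `count` in the `read_exact` check is a bare `1U << 28` that has no relation to the size of the domain being restored, so a save file can still declare a table of up to 2^28 entries for a small guest. What happens to `count` after the check is outside this hunk; if it sizes an allocation and a further read, as the `pfntab` declaration suggests, bounding it by the domain's own page count (where that value is available in this function) would be tighter, and the constant deserves a name, e.g. `#define MAX_PFNTAB_ENTRIES (1U << 28) /* 1TB of 4kB pages */`. The combined condition also reports a failed read and an out-of-range value with the same message, and after a short read the printed `count` may be 0 or only partly filled; splitting the two cases would make the log unambiguous. The enclosing block continues past the end of the hunk.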