ia64/linux-2.6.18-xen.hg

changeset 419:08e85e79c65d xen-3.2.0

CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
Fix is Al Viro's suggested patch for RHEL5.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Mon Feb 11 11:05:27 2008 +0000 (2008-02-11)
parents 90fbf541d772
children f76e90b4f7ad
files fs/splice.c
line diff
     1.1 --- a/fs/splice.c	Mon Feb 11 10:19:25 2008 +0000
     1.2 +++ b/fs/splice.c	Mon Feb 11 11:05:27 2008 +0000
     1.3 @@ -1141,6 +1141,9 @@ static int get_iovec_page_array(const st
     1.4  		if (unlikely(!base))
     1.5  			break;
     1.6  
     1.7 +		if (unlikely(!access_ok(VERIFY_READ, base, len)))
     1.8 +			break;
     1.9 +
    1.10  		/*
    1.11  		 * Get this base offset and number of pages, then map
    1.12  		 * in the user pages.