ia64/xen-unstable
changeset 15434:a83632dfbb28
libxenguest: Add missing range-check on count field read from a domain
save/restore file.
Signed-off-by: Keir Fraser <keir@xensource.com>
save/restore file.
Signed-off-by: Keir Fraser <keir@xensource.com>
| author | kfraser@localhost.localdomain |
|---|---|
| date | Thu Jun 21 09:47:39 2007 +0100 (2007-06-21) |
| parents | 11bf94b2d51a |
| children | 5ec34f7f31ab |
| files | tools/libxc/xc_domain_restore.c |
line diff
1.1 --- a/tools/libxc/xc_domain_restore.c Wed Jun 20 19:31:37 2007 +0100 1.2 +++ b/tools/libxc/xc_domain_restore.c Thu Jun 21 09:47:39 2007 +0100 1.3 @@ -903,13 +903,14 @@ int xc_domain_restore(int xc_handle, int 1.4 1.5 /* Get the list of PFNs that are not in the psuedo-phys map */ 1.6 { 1.7 - unsigned int count; 1.8 + unsigned int count = 0; 1.9 unsigned long *pfntab; 1.10 int nr_frees, rc; 1.11 1.12 - if ( !read_exact(io_fd, &count, sizeof(count)) ) 1.13 + if ( !read_exact(io_fd, &count, sizeof(count)) || 1.14 + (count > (1U << 28)) ) /* up to 1TB of address space */ 1.15 { 1.16 - ERROR("Error when reading pfn count"); 1.17 + ERROR("Error when reading pfn count (= %u)", count); 1.18 goto out; 1.19 } 1.20