ia64/xen-unstable

changeset 5585:b08cd3331fdb

bitkeeper revision 1.1760 (42c05ebeLIfrneiw1jaZMwle-z9usw)

Check set_gdt() bounds before copy_from_user.
Signed-off-by: Chris Wright <chrisw@osdl.org>
author kaf24@firebug.cl.cam.ac.uk
date Mon Jun 27 20:17:02 2005 +0000 (2005-06-27)
parents d892fbf61323
children ca9f091afdd2 5937352bfe66
files xen/arch/x86/mm.c
line diff
     1.1 --- a/xen/arch/x86/mm.c	Mon Jun 27 17:22:33 2005 +0000
     1.2 +++ b/xen/arch/x86/mm.c	Mon Jun 27 20:17:02 2005 +0000
     1.3 @@ -2442,6 +2442,10 @@ long do_set_gdt(unsigned long *frame_lis
     1.4      unsigned long frames[16];
     1.5      long ret;
     1.6  
     1.7 +    /* Rechecked in set_gdt, but ensures a sane limit for copy_from_user(). */
     1.8 +    if ( entries > FIRST_RESERVED_GDT_ENTRY )
     1.9 +        return -EINVAL;
    1.10 +    
    1.11      if ( copy_from_user(frames, frame_list, nr_pages * sizeof(unsigned long)) )
    1.12          return -EFAULT;
    1.13