]> xenbits.xensource.com Git - xen.git/commit
projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 16803a6) | patch
EFI: re-check {get,set}-variable name strings after copying in
authorJan Beulich <jbeulich@suse.com>
Thu, 5 Mar 2020 10:19:02 +0000 (11:19 +0100)
committerJan Beulich <jbeulich@suse.com>
Thu, 5 Mar 2020 10:19:02 +0000 (11:19 +0100)
commit636b40dcd50f8e348a9f159d3fe0ad9387879997
tree4bfd4e06dfb1f4d7475229cdf413efd765042504tree
parent16803a643bc17587ac8bb37d5794cbc1a9592962commit | diff
EFI: re-check {get,set}-variable name strings after copying in

A malicious guest given permission to invoke XENPF_efi_runtime_call may
play with the strings underneath Xen sizing them and copying them in.
Guard against this by re-checking the copyied in data for consistency
with the initial sizing. At the same time also check that the actual
copy-in is in fact successful, and switch to the lighter weight non-
checking flavor of the function.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
master commit: ad38db5852f0e30d90c93c6a62b754f2861549e0
master date: 2020-02-06 09:51:17 +0100
xen/common/efi/boot.c diff | blob | blame | history
xen/common/efi/efi.h diff | blob | blame | history
xen/common/efi/runtime.c diff | blob | blame | history
Xen (staging and unstable) mirror