From: Keir Fraser <keir.fraser@citrix.com>
Date: Mon, 11 Feb 2008 11:05:27 +0000 (+0000)
Subject: CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
X-Git-Tag: xen-3.2.0
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=1a80beea0f2f78f24d49df9b8a6cd15f38259cc0;p=legacy%2Flinux-2.6.18-xen.git

CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
Fix is Al Viro's suggested patch for RHEL5.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
---

diff --git a/fs/splice.c b/fs/splice.c
index 4eed2f6c..0153c97d 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1141,6 +1141,9 @@ static int get_iovec_page_array(const struct iovec __user *iov,
 		if (unlikely(!base))
 			break;
 
+		if (unlikely(!access_ok(VERIFY_READ, base, len)))
+			break;
+
 		/*
 		 * Get this base offset and number of pages, then map
 		 * in the user pages.