From: Paul Durrant Date: Tue, 14 Jul 2015 10:55:57 +0000 (+0100) Subject: Fix potential buffer overflow X-Git-Tag: 8.1.0-rc1~17 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=dd236defa8369495d4cfb2a5b70b9b036fb2e82e;p=pvdrivers%2Fwin%2Fxenvif.git Fix potential buffer overflow The buffer allocation in FdoQueryDeviceRelations() is completely bogus. Fix it. Signed-off-by: Paul Durrant --- diff --git a/src/xenvif/fdo.c b/src/xenvif/fdo.c index b903b09..aabc9c1 100644 --- a/src/xenvif/fdo.c +++ b/src/xenvif/fdo.c @@ -1632,7 +1632,7 @@ FdoQueryDeviceRelations( ListEntry = ListEntry->Flink) Count++; - Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) + (sizeof (DEVICE_OBJECT) * __min(Count, 1)); + Size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) + (sizeof (PDEVICE_OBJECT) * __max(Count, 1)); Relations = ExAllocatePoolWithTag(PagedPool, Size, 'FIV');
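Review bot: On the replacement Size line, sizeof (PDEVICE_OBJECT) still names the element type by hand, which is the same kind of mismatch the removed line had with sizeof (DEVICE_OBJECT). Taking the size from the array itself, for example sizeof (Relations->Objects[0]), would keep the allocation tied to the declared type of Objects. The commit message would also be more useful if it named the two defects visible in the removed line: __min(Count, 1) capped the array at one element regardless of Count, and the element size was that of the structure rather than of a pointer, so the buffer never scaled with the number of list entries. Since Size is now derived from Count, it is worth confirming that the code filling Objects after this allocation is bounded by the same Count.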