xen/53df71c7-lz4-check-for-underruns.patch


# Commit 9143a6c55ef7e8f630857cb08c03844d372c2345
# Date 2014-08-04 13:43:03 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
lz4: check for underruns
While overruns are already being taken care of, underruns (resulting
from overflows in the respective "op + length" (or similar) operations)
weren't.
This is CVE-2014-4611.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/common/lz4/decompress.c
+++ b/xen/common/lz4/decompress.c
@@ -84,6 +84,8 @@ static int INIT lz4_uncompress(const uns
ip += length;
break; /* EOF */
}
+ if (unlikely((unsigned long)cpy < (unsigned long)op))
+ goto _output_error;
LZ4_WILDCOPY(ip, op, cpy);
ip -= (op - cpy);
op = cpy;
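Review bot: The added `(unsigned long)cpy < (unsigned long)op` test runs only after `cpy` has been formed, so it detects the wrap after the fact rather than preventing it; the same applies to the three other hunks (before `LZ4_SECURECOPY` here, and both copies in `lz4_uncompress_unknownoutputsize`). The computation of `cpy` is outside the hunk, but the commit message describes it as `op + length`. An out-of-range pointer addition is undefined in C, so a compiler may assume `cpy >= op`; the integer casts make folding less likely, but do not make the check guaranteed. A sturdier form would compare `length` with the space left in the output buffer before the addition. At minimum, each check deserves a comment such as `/* cpy < op means op + length wrapped (CVE-2014-4611); reject before copying */` so that a later cleanup does not drop the casts or the test as redundant.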
@@ -142,6 +144,8 @@ static int INIT lz4_uncompress(const uns
goto _output_error;
continue;
}
+ if (unlikely((unsigned long)cpy < (unsigned long)op))
+ goto _output_error;
LZ4_SECURECOPY(ref, op, cpy);
op = cpy; /* correction */
}
@@ -207,6 +211,8 @@ static int lz4_uncompress_unknownoutputs
op += length;
break;/* Necessarily EOF, due to parsing restrictions */
}
+ if (unlikely((unsigned long)cpy < (unsigned long)op))
+ goto _output_error;
LZ4_WILDCOPY(ip, op, cpy);
ip -= (op - cpy);
op = cpy;
@@ -270,6 +276,8 @@ static int lz4_uncompress_unknownoutputs
goto _output_error;
continue;
}
+ if (unlikely((unsigned long)cpy < (unsigned long)op))
+ goto _output_error;
LZ4_SECURECOPY(ref, op, cpy);
op = cpy; /* correction */
}