pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3ff5ece633
xen/53df71c7-lz4-check-for-underruns.patch
Charles Arnold 3e51b51ba9 - bnc#883112 - Xen Panic during boot "System without CMOS RTC must 
be booted from EFI"
  53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch
- Upstream patches from Jan
  53d7b781-x86-cpu-undo-BIOS-CPUID-max_leaf-limit-earlier.patch
  53df71c7-lz4-check-for-underruns.patch
  53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch
  53e47d6b-x86_emulate-properly-do-IP-updates-and-other-side-effects.patch

- Update to Xen Version 4.4.1-rc2
  xen-4.4.1-testing-src.tar.bz2
- Dropped 60 upstream patches and xen-4.4.0-testing-src.tar.bz2

- bnc#820873 - The "long" option doesn't work with "xl list"
  53d124e7-fix-list_domain_details-check-config-data-length-0.patch

- bnc#888996 - Package 'xen-tool' contains 'SuSE' spelling in a
  filename and/or SPEC file
  Renamed README.SuSE -> README.SUSE
  Modified files: xen.spec, boot.local.xenU, init.pciback
  xend-config.patch, xend-vif-route-ifup.patch

- bnc#882673 - Dom0 memory should enforce a minimum memory size
  (e.g. dom0_mem=min:512M)
  xen.spec (Mike Latimer)

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=324
2014-08-15 14:33:16 +00:00

55 lines
1.5 KiB
Diff
Raw Blame History

# Commit 9143a6c55ef7e8f630857cb08c03844d372c2345
# Date 2014-08-04 13:43:03 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
lz4: check for underruns
While overruns are already being taken care of, underruns (resulting
from overflows in the respective "op + length" (or similar) operations
weren't.
This is CVE-2014-4611.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/common/lz4/decompress.c
+++ b/xen/common/lz4/decompress.c
@@ -84,6 +84,8 @@ static int INIT lz4_uncompress(const uns
ip += length;
break; /* EOF */
}
+ if (unlikely((unsigned long)cpy < (unsigned long)op))
+ goto _output_error;
LZ4_WILDCOPY(ip, op, cpy);
ip -= (op - cpy);
op = cpy;
@@ -142,6 +144,8 @@ static int INIT lz4_uncompress(const uns
goto _output_error;
continue;
}
+ if (unlikely((unsigned long)cpy < (unsigned long)op))
+ goto _output_error;
LZ4_SECURECOPY(ref, op, cpy);
op = cpy; /* correction */
}
@@ -207,6 +211,8 @@ static int lz4_uncompress_unknownoutputs
op += length;
break;/* Necessarily EOF, due to parsing restrictions */
}
+ if (unlikely((unsigned long)cpy < (unsigned long)op))
+ goto _output_error;
LZ4_WILDCOPY(ip, op, cpy);
ip -= (op - cpy);
op = cpy;
@@ -270,6 +276,8 @@ static int lz4_uncompress_unknownoutputs
goto _output_error;
continue;
}
+ if (unlikely((unsigned long)cpy < (unsigned long)op))
+ goto _output_error;
LZ4_SECURECOPY(ref, op, cpy);
op = cpy; /* correction */
}
Reference in New Issue View Git Blame Copy Permalink