33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
|
|
# HG changeset patch
|
|
# User kfraser@localhost.localdomain
|
|
# Date 1182415659 -3600
|
|
# Node ID a83632dfbb28038ec4218e00f92ea220a85b6887
|
|
# Parent 11bf94b2d51a10980a88aa3ee0b3b8c6e14cbfe0
|
|
libxenguest: Add missing range-check on count field read from a domain
|
|
save/restore file.
|
|
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
--- a/tools/libxc/xc_domain_restore.c Wed Jun 20 19:31:37 2007 +0100
|
|
+++ b/tools/libxc/xc_domain_restore.c Thu Jun 21 09:47:39 2007 +0100
|
|
@@ -903,13 +903,14 @@ int xc_domain_restore(int xc_handle, int
|
|
|
|
/* Get the list of PFNs that are not in the psuedo-phys map */
|
|
{
|
|
- unsigned int count;
|
|
+ unsigned int count = 0;
|
|
unsigned long *pfntab;
|
|
int nr_frees, rc;
|
|
|
|
- if ( !read_exact(io_fd, &count, sizeof(count)) )
|
|
- {
|
|
- ERROR("Error when reading pfn count");
|
|
+ if ( !read_exact(io_fd, &count, sizeof(count)) ||
|
|
+ (count > (1U << 28)) ) /* up to 1TB of address space */
|
|
+ {
|
|
+ ERROR("Error when reading pfn count (= %u)", count);
|
|
goto out;
|
|
}
|
|
|
|
|