rpm/xen
SHA256
1
0
Fork 0
forked from pool/xen
Code Pull Requests Activity
xen/25852-tmem-xsa-15-3.patch

24 lines
733 B
Diff
Raw Normal View History

- Upstream patches from Jan 25833-32on64-bogus-pt_base-adjust.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25861-x86-early-fixmap.patch 25862-sercon-non-com.patch 25863-sercon-ehci-dbgp.patch 25864-sercon-unused.patch 25866-sercon-ns16550-pci-irq.patch 25867-sercon-ns16550-parse.patch 25874-x86-EFI-chain-cfg.patch 25909-xenpm-consistent.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=201
2012-09-21 14:45:08 +00:00
# HG changeset patch
# User Ian Campbell <ian.campbell@citrix.com>
# Date 1347365214 -7200
# Node ID d189d99ef00c1e197321593d13282e1b57eb4a38
# Parent fcf567acc92ae57f4adfbe967b01a2ba0390c08f
tmem: check the pool_id is valid when destroying a tmem pool
This is part of XSA-15 / CVE-2012-3497.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -1870,6 +1870,8 @@ static NOINLINE int do_tmem_destroy_pool
if ( client->pools == NULL )
return 0;
+ if ( pool_id >= MAX_POOLS_PER_DOMAIN )
+ return 0;
if ( (pool = client->pools[pool_id]) == NULL )
return 0;
client->pools[pool_id] = NULL;
Copy Permalink