leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
42d8644bd7
linux/arch
History
Dan Carpenter 42d8644bd7 xen: Prevent buffer overflow in privcmd ioctl 
The "call" variable comes from the user in privcmd_ioctl_hypercall().
It's an offset into the hypercall_page[] which has (PAGE_SIZE / 32)
elements.  We need to put an upper bound on it to prevent an out of
bounds access.

Cc: stable@vger.kernel.org
Fixes: 1246ae0bb9 ("xen: add variable hypercall caller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
2019-04-05 08:42:45 +02:00
..
alpha Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-14 09:28:12 -07:00
arc memblock: drop memblock_alloc_*_nopanic() variants 2019-03-12 10:04:02 -07:00
arm We have a fairly balanced mix of clk driver updates and clk framework 2019-03-14 08:46:17 -07:00
arm64 treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
c6x treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
csky treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
h8300 treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
hexagon y2038: additional syscall ABI cleanup 2019-02-27 21:45:27 +01:00
ia64 ia64: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:01 -07:00
m68k Merge branch 'akpm' (patches from Andrew) 2019-03-12 10:39:53 -07:00
microblaze Microblaze patches for 5.1-rc1 2019-03-14 10:27:47 -07:00
mips Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-14 09:28:12 -07:00
nds32 treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
nios2 nios2 update for v5.1-rc1 2019-03-10 10:13:37 -07:00
openrisc treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
parisc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-14 09:28:12 -07:00
powerpc treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
riscv DMA mapping updates for 5.1 2019-03-10 11:54:48 -07:00
s390 treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
sh memblock: drop memblock_alloc_*_nopanic() variants 2019-03-12 10:04:02 -07:00
sparc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-14 09:28:12 -07:00
um treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
unicore32 treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
x86 xen: Prevent buffer overflow in privcmd ioctl 2019-04-05 08:42:45 +02:00
xtensa treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
.gitignore
Kconfig Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00