linux

History

Dan Carpenter 42d8644bd7 xen: Prevent buffer overflow in privcmd ioctl The "call" variable comes from the user in privcmd_ioctl_hypercall(). It's an offset into the hypercall_page[] which has (PAGE_SIZE / 32) elements. We need to put an upper bound on it to prevent an out of bounds access. Cc: stable@vger.kernel.org Fixes: `1246ae0bb9` ("xen: add variable hypercall caller") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Signed-off-by: Juergen Gross <jgross@suse.com>	2019-04-05 08:42:45 +02:00
..
asm	xen: Prevent buffer overflow in privcmd ioctl	2019-04-05 08:42:45 +02:00
uapi/asm	arch: Use asm-generic/socket.h when possible	2019-02-03 11:17:30 -08:00

Dan Carpenter 42d8644bd7 xen: Prevent buffer overflow in privcmd ioctl

The "call" variable comes from the user in privcmd_ioctl_hypercall().
It's an offset into the hypercall_page[] which has (PAGE_SIZE / 32)
elements.  We need to put an upper bound on it to prevent an out of
bounds access.

Cc: stable@vger.kernel.org
Fixes: 1246ae0bb9 ("xen: add variable hypercall caller")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>

2019-04-05 08:42:45 +02:00

asm xen: Prevent buffer overflow in privcmd ioctl 2019-04-05 08:42:45 +02:00

uapi/asm arch: Use asm-generic/socket.h when possible 2019-02-03 11:17:30 -08:00