* [PATCH 03/11] tmem: check the pool_id is valid when destroying a tmem pool
@ 2012-09-05 12:35 Jan Beulich
2012-09-05 16:38 ` Dan Magenheimer
0 siblings, 1 reply; 2+ messages in thread
From: Jan Beulich @ 2012-09-05 12:35 UTC (permalink / raw)
To: xen-devel; +Cc: dan.magenheimer, Zhenzhong Duan
[-- Attachment #1: Type: text/plain, Size: 496 bytes --]
This is part of XSA-15 / CVE-2012-3497.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -1870,6 +1870,8 @@ static NOINLINE int do_tmem_destroy_pool
if ( client->pools == NULL )
return 0;
+ if ( pool_id >= MAX_POOLS_PER_DOMAIN )
+ return 0;
if ( (pool = client->pools[pool_id]) == NULL )
return 0;
client->pools[pool_id] = NULL;
[-- Attachment #2: tmem-xsa-15-3 --]
[-- Type: application/octet-stream, Size: 536 bytes --]
tmem: check the pool_id is valid when destroying a tmem pool
This is part of XSA-15 / CVE-2012-3497.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
@@ -1870,6 +1870,8 @@ static NOINLINE int do_tmem_destroy_pool
if ( client->pools == NULL )
return 0;
+ if ( pool_id >= MAX_POOLS_PER_DOMAIN )
+ return 0;
if ( (pool = client->pools[pool_id]) == NULL )
return 0;
client->pools[pool_id] = NULL;
[-- Attachment #3: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH 03/11] tmem: check the pool_id is valid when destroying a tmem pool
2012-09-05 12:35 [PATCH 03/11] tmem: check the pool_id is valid when destroying a tmem pool Jan Beulich
@ 2012-09-05 16:38 ` Dan Magenheimer
0 siblings, 0 replies; 2+ messages in thread
From: Dan Magenheimer @ 2012-09-05 16:38 UTC (permalink / raw)
To: Jan Beulich, xen-devel; +Cc: Zhenzhong Duan
> From: Jan Beulich [mailto:JBeulich@suse.com]
> Sent: Wednesday, September 05, 2012 6:35 AM
> To: xen-devel
> Cc: Dan Magenheimer; Zhenzhong Duan
> Subject: [PATCH 03/11] tmem: check the pool_id is valid when destroying a tmem pool
>
> This is part of XSA-15 / CVE-2012-3497.
>
> Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
> Acked-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com>
> --- a/xen/common/tmem.c
> +++ b/xen/common/tmem.c
> @@ -1870,6 +1870,8 @@ static NOINLINE int do_tmem_destroy_pool
>
> if ( client->pools == NULL )
> return 0;
> + if ( pool_id >= MAX_POOLS_PER_DOMAIN )
> + return 0;
> if ( (pool = client->pools[pool_id]) == NULL )
> return 0;
> client->pools[pool_id] = NULL;
>
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-09-05 16:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-09-05 12:35 [PATCH 03/11] tmem: check the pool_id is valid when destroying a tmem pool Jan Beulich
2012-09-05 16:38 ` Dan Magenheimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).