File 5579829c-gnttab-add-version-check-to-GNTTABOP_swap_grant_ref.patch of Package xen.950

References: bsc#932790 CVE-2015-4163 XSA-134

# Commit 5d5c09d853d3f212861f70c577c65d1703f752ae
# Date 2015-06-11 14:44:12 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
gnttab: add missing version check to GNTTABOP_swap_grant_ref handling

... avoiding NULL derefs when the version to use wasn't set yet (via
GNTTABOP_setup_table or GNTTABOP_set_version).

This is CVE-2015-4163 / XSA-134.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -2393,6 +2393,9 @@ __gnttab_swap_grant_ref(grant_ref_t ref_
 
     spin_lock(&gt->lock);
 
+    if ( gt->gt_version == 0 )
+        PIN_FAIL(out, GNTST_general_error, "grant table not yet set up\n");
+
     /* Bounds check on the grant refs */
     if ( unlikely(ref_a >= nr_grant_entries(d->grant_table)))
         PIN_FAIL(out, GNTST_bad_gntref, "Bad ref-a (%d).\n", ref_a);
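Review bot: The added `gt->gt_version == 0` guard has no comment, unlike the bounds check directly below it, so a reader of the file alone cannot tell that it prevents the NULL dereference named in the commit message rather than just reporting a state error. I would put `/* No version chosen yet (no GNTTABOP_setup_table / GNTTABOP_set_version): the entry accesses below would dereference NULL. */` above it, and write the condition as `if ( unlikely(gt->gt_version == 0) )` to match the following check. The guard runs after `spin_lock(&gt->lock)` and exits through `out`, which lies outside the hunk, so it is worth confirming that the label releases the lock on this new path. Any other grant-table operation that reaches the entry accessors before a version is set presumably needs the same precondition; those paths are not visible here.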