Overview

File CVE-2021-3592-3594-3595-qemut-prereq2.patch of Package xen

From 93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Fri, 4 Jun 2021 15:58:25 +0400
Subject: [PATCH] Add mtod_check()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Recent security issues demonstrate the lack of safety care when casting
a mbuf to a particular structure type. At least, it should check that
the buffer is large enough. The following patches will make use of this
function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 src/mbuf.c | 11 +++++++++++
 src/mbuf.h |  1 +
 2 files changed, 12 insertions(+)

Index: xen-4.9.4-testing/tools/qemu-xen-traditional-dir-remote/slirp/mbuf.c
===================================================================
--- xen-4.9.4-testing.orig/tools/qemu-xen-traditional-dir-remote/slirp/mbuf.c
+++ xen-4.9.4-testing/tools/qemu-xen-traditional-dir-remote/slirp/mbuf.c
@@ -235,3 +235,14 @@ dtom(dat)
 
 	return (struct mbuf *)0;
 }
+
+void *mtod_check(struct mbuf *m, size_t len)
+{
+    if (m->m_len >= len) {
+        return m->m_data;
+    }
+
+    DEBUG_ERROR("mtod failed");
+
+    return NULL;
+}
Index: xen-4.9.4-testing/tools/qemu-xen-traditional-dir-remote/slirp/mbuf.h
===================================================================
--- xen-4.9.4-testing.orig/tools/qemu-xen-traditional-dir-remote/slirp/mbuf.h
+++ xen-4.9.4-testing/tools/qemu-xen-traditional-dir-remote/slirp/mbuf.h
@@ -138,5 +138,6 @@ void m_inc _P((struct mbuf *, int));
 void m_adj _P((struct mbuf *, int));
 int m_copy _P((struct mbuf *, struct mbuf *, int, int));
 struct mbuf * dtom _P((void *));
+void *mtod_check(struct mbuf *, size_t len);
 
 #endif
openSUSE Build Service is sponsored by
Places