File CVE-2013-4529-01-qemuu-pci-fix-buffer-overrun-on-invalid-state-load.patch of Package xen.6121
References: bsc#964929 CVE-2013-4529
Subject: vmstate: add VMS_MUST_EXIST
From: Michael S. Tsirkin mst@redhat.com Thu Apr 3 19:50:31 2014 +0300
Date: Mon May 5 14:15:10 2014 +0200:
Git: 5bf81c8d63db0216a4d29dc87f9ce530bb791dd1
Can be used to verify a required field exists or validate
state in some other way.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/include/migration/vmstate.h
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/include/migration/vmstate.h
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/include/migration/vmstate.h
@@ -100,6 +100,7 @@ enum VMStateFlags {
VMS_MULTIPLY = 0x200, /* multiply "size" field by field_size */
VMS_VARRAY_UINT8 = 0x400, /* Array with size in uint8_t field*/
VMS_VARRAY_UINT32 = 0x800, /* Array with size in uint32_t field*/
+ VMS_MUST_EXIST = 0x1000, /* Field must exist in input */
};
typedef struct {
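Review bot: The comment on `VMS_MUST_EXIST` says "Field must exist in input", but the savevm.c part of this patch enforces the same flag on the save path too, so the comment understates the contract. Something like `/* Field must exist: load is rejected, save asserts, if it is absent */` would match both hunks. It would also help to say what "exist" means for a field (presumably the field's existence or version test, which this hunk does not show), since device authors will use this flag to validate incoming migration state.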
Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/savevm.c
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/savevm.c
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/savevm.c
@@ -1731,6 +1731,10 @@ int vmstate_load_state(QEMUFile *f, cons
return ret;
}
}
+ } else if (field->flags & VMS_MUST_EXIST) {
+ fprintf(stderr, "Input validation failed: %s/%s\n",
+ vmsd->name, field->name);
+ return -1;
}
field++;
}
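Review bot: The new `else if (field->flags & VMS_MUST_EXIST)` branch returns a bare `-1`, whereas the failure path just above it propagates `ret` from the field loader. Returning an errno-style code such as `return -EINVAL;` would let callers and logs tell a rejected stream from an I/O failure, assuming the function's other exits follow that convention (not visible here). A one-line comment on the branch would also help, e.g. `/* mandatory field skipped for this stream: reject the load rather than continue with unvalidated state */`. The check is opt-in, so fields without the flag are still skipped silently, and this patch adds no users of it. The body of `vmstate_load_state` starts and ends outside this hunk.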
@@ -1791,6 +1795,12 @@ void vmstate_save_state(QEMUFile *f, con
field->info->put(f, addr, size);
}
}
+ } else {
+ if (field->flags & VMS_MUST_EXIST) {
+ fprintf(stderr, "Output state validation failed: %s/%s\n",
+ vmsd->name, field->name);
+ assert(!(field->flags & VMS_MUST_EXIST));
+ }
}
field++;
}
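Review bot: In the save path, `assert(!(field->flags & VMS_MUST_EXIST));` sits inside `if (field->flags & VMS_MUST_EXIST)`, so it can never pass and is really an unconditional abort written as a condition. In a build with `NDEBUG` defined it compiles away, and the function would print the message and carry on writing a stream that lacks the mandatory field. Calling `abort();` after the `fprintf` makes the intent explicit and independent of build flags. A comment such as `/* device state violates its own vmsd invariant: programming error, not bad input */` would explain why save terminates the process while load only returns an error. The nested `else { if (...) }` could also be written as `else if (...)` to match the load hunk. The body of `vmstate_save_state` starts and ends outside this hunk.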