diff options
| author | Keir Fraser <keir.fraser@citrix.com> | 2008-07-21 09:41:36 +0100 |
|---|---|---|
| committer | Keir Fraser <keir.fraser@citrix.com> | 2008-07-21 09:41:36 +0100 |
| commit | 2325e6972157eaaad9af69892fd0fd70154c04ae (patch) | |
| tree | 027f355dc5467bf6989981e7527c86618bdc76aa /tools/flask | |
| parent | 39f22f5e08c8d7ff61d44eb04befb1c122ca763c (diff) | |
| download | xen-2325e6972157eaaad9af69892fd0fd70154c04ae.tar.gz xen-2325e6972157eaaad9af69892fd0fd70154c04ae.tar.bz2 xen-2325e6972157eaaad9af69892fd0fd70154c04ae.zip | |
[XSM][FLASK] Argument handling bugs in XSM:FLASK
Addresses a number of argument handling bugs in the flask_op hypercall
in the XSM:Flask module. Thanks to Rafal Wojtczuk at McAfee for
reporting the issues and Tim Deegan at Citrix for providing an
initial patch.
This patch addresses the following issues:
- bounds checking and validation on input arguments to flask_op
- updated ABI/API, size and cmd are now uint32_t
- updated userspace tools and libraries to account for ABI/API
changes
- implemented all copies using from/to guest, better portability
- implemented upper bounds checking on op->cmd, op->size
- implemented sanity checking on op->size and op->buf
- implemented bit vector for checking from/to usage on op->cmd
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'tools/flask')
| -rw-r--r-- | tools/flask/libflask/flask_op.c | 6 | ||||
| -rw-r--r-- | tools/flask/libflask/include/flask.h | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/tools/flask/libflask/flask_op.c b/tools/flask/libflask/flask_op.c index c0ca22d0dd..396c0814a8 100644 --- a/tools/flask/libflask/flask_op.c +++ b/tools/flask/libflask/flask_op.c @@ -22,7 +22,7 @@ #include <flask.h> #include <xenctrl.h> -int flask_load(int xc_handle, char *buf, int size) +int flask_load(int xc_handle, char *buf, uint32_t size) { int err; flask_op_t op; @@ -37,7 +37,7 @@ int flask_load(int xc_handle, char *buf, int size) return 0; } -int flask_context_to_sid(int xc_handle, char *buf, int size, uint32_t *sid) +int flask_context_to_sid(int xc_handle, char *buf, uint32_t size, uint32_t *sid) { int err; flask_op_t op; @@ -54,7 +54,7 @@ int flask_context_to_sid(int xc_handle, char *buf, int size, uint32_t *sid) return 0; } -int flask_sid_to_context(int xc_handle, int sid, char *buf, int size) +int flask_sid_to_context(int xc_handle, int sid, char *buf, uint32_t size) { int err; flask_op_t op; diff --git a/tools/flask/libflask/include/flask.h b/tools/flask/libflask/include/flask.h index 5973933ac8..5241f7a2a0 100644 --- a/tools/flask/libflask/include/flask.h +++ b/tools/flask/libflask/include/flask.h @@ -15,8 +15,8 @@ #include <xen/xen.h> #include <xen/xsm/flask_op.h> -int flask_load(int xc_handle, char *buf, int size); -int flask_context_to_sid(int xc_handle, char *buf, int size, uint32_t *sid); -int flask_sid_to_context(int xc_handle, int sid, char *buf, int size); +int flask_load(int xc_handle, char *buf, uint32_t size); +int flask_context_to_sid(int xc_handle, char *buf, uint32_t size, uint32_t *sid); +int flask_sid_to_context(int xc_handle, int sid, char *buf, uint32_t size); #endif /* __FLASK_H__ */ |