diff options
author | Ian Jackson <ian.jackson@eu.citrix.com> | 2013-06-14 16:39:38 +0100 |
---|---|---|
committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2013-06-14 16:39:38 +0100 |
commit | aaebaba5ae225f591e0602e071037a935bb281b6 (patch) | |
tree | 9a07778117750d262577415f9994d92be1816367 /tools/libxc/xc_offline_page.c | |
parent | 2bcee4b3c316379f4b52cb308947eb6db3faf1a0 (diff) | |
download | xen-aaebaba5ae225f591e0602e071037a935bb281b6.tar.gz xen-aaebaba5ae225f591e0602e071037a935bb281b6.tar.bz2 xen-aaebaba5ae225f591e0602e071037a935bb281b6.zip |
libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
The return values from xc_dom_*_to_ptr and xc_map_foreign_range are
sometimes dereferenced, or subjected to pointer arithmetic, without
checking whether the relevant function failed and returned NULL.
Add an appropriate error check at every call site.
This is part of the fix to a security issue, XSA-55.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
v8: Add a missing check in xc_offline_page.c:xc_exchange_page,
which was in the next patch in v7 of the series.
Also improve the message.
I think in this particular error case it may be that the results
are a broken guest, but turning this from a possible host tools
crash into a guest problem seems to solve the potential security
problem.
v7: Simplify an error DOMPRINTF to not use "load ? : ".
Make DOMPRINTF allocation error messages consistent.
Do not set elf->dest_pages in xc_dom_load_elf_kernel
if xc_dom_seg_to_ptr_pages fails.
v5: This patch is new in this version of the series.
Diffstat (limited to 'tools/libxc/xc_offline_page.c')
-rw-r--r-- | tools/libxc/xc_offline_page.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tools/libxc/xc_offline_page.c b/tools/libxc/xc_offline_page.c index 089a361440..36b981285c 100644 --- a/tools/libxc/xc_offline_page.c +++ b/tools/libxc/xc_offline_page.c @@ -714,6 +714,11 @@ int xc_exchange_page(xc_interface *xch, int domid, xen_pfn_t mfn) new_p = xc_map_foreign_range(xch, domid, PAGE_SIZE, PROT_READ|PROT_WRITE, new_mfn); + if ( new_p == NULL ) + { + ERROR("failed to map new_p for copy, guest may be broken?"); + goto failed; + } memcpy(new_p, backup, PAGE_SIZE); munmap(new_p, PAGE_SIZE); mops.arg1.mfn = new_mfn; |