diff options
| author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-06-21 09:47:39 +0100 |
|---|---|---|
| committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-06-21 09:47:39 +0100 |
| commit | 284d8c488102b6d59adb2a89930e9e3827f1ba19 (patch) | |
| tree | 07fa0021976e6b3112ff7709c2fe47d155b0fe5e /tools | |
| parent | f09e6f80624aeaac7e5070358ccf6580391c1cb2 (diff) | |
| download | xen-284d8c488102b6d59adb2a89930e9e3827f1ba19.tar.gz xen-284d8c488102b6d59adb2a89930e9e3827f1ba19.tar.bz2 xen-284d8c488102b6d59adb2a89930e9e3827f1ba19.zip | |
libxenguest: Add missing range-check on count field read from a domain
save/restore file.
Signed-off-by: Keir Fraser <keir@xensource.com>
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/libxc/xc_domain_restore.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c index aaabed6d42..3193ce191c 100644 --- a/tools/libxc/xc_domain_restore.c +++ b/tools/libxc/xc_domain_restore.c @@ -903,13 +903,14 @@ int xc_domain_restore(int xc_handle, int io_fd, uint32_t dom, /* Get the list of PFNs that are not in the psuedo-phys map */ { - unsigned int count; + unsigned int count = 0; unsigned long *pfntab; int nr_frees, rc; - if ( !read_exact(io_fd, &count, sizeof(count)) ) + if ( !read_exact(io_fd, &count, sizeof(count)) || + (count > (1U << 28)) ) /* up to 1TB of address space */ { - ERROR("Error when reading pfn count"); + ERROR("Error when reading pfn count (= %u)", count); goto out; } |