FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-02 15:21:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d159457b84
linux/drivers/xen/xenbus
History
Insu Yun 85c0a87cd1 xen: fix potential integer overflow in queue_reply 
When len is greater than UINT_MAX - sizeof(*rb), in next allocation,
it can overflow integer range and allocates small size of heap.
After that, memcpy will overflow the allocated heap.
Therefore, it needs to check the size of given length.

Signed-off-by: Insu Yun <wuninsu@gmail.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
2016-02-15 13:56:57 +00:00
..
Makefile
xenbus_client.c xenbus: Support multiple grants ring with 64KB 2015-10-23 14:20:47 +01:00
xenbus_comms.c
xenbus_comms.h
xenbus_dev_backend.c xen: Use correctly the Xen memory terminologies 2015-09-08 18:03:49 +01:00
xenbus_dev_frontend.c xen: fix potential integer overflow in queue_reply 2016-02-15 13:56:57 +00:00
xenbus_probe_backend.c xen: remove DEFINE_XENBUS_DRIVER() macro 2014-10-06 10:27:57 +01:00
xenbus_probe_frontend.c xen: remove DEFINE_XENBUS_DRIVER() macro 2014-10-06 10:27:57 +01:00
xenbus_probe.c xen/xenbus: Use Xen page definition 2015-10-23 14:20:37 +01:00
xenbus_probe.h xen: remove DEFINE_XENBUS_DRIVER() macro 2014-10-06 10:27:57 +01:00
xenbus_xs.c