From 2a548e22915535ac13694eb38222903bca7245e3 Mon Sep 17 00:00:00 2001
From: Matthew Daley <mattjd@gmail.com>
Date: Fri, 14 Jun 2013 16:43:19 +0100
Subject: [PATCH 22/23] libxc: check blob size before proceeding in xc_dom_check_gzip

This is part of the fix to a security issue, XSA-55.

Signed-off-by: Matthew Daley <mattjd@gmail.com>
---
 tools/libxc/xc_dom_core.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
index 3cbf9f7..f8d1b08 100644
--- a/tools/libxc/xc_dom_core.c
+++ b/tools/libxc/xc_dom_core.c
@@ -284,6 +284,11 @@ size_t xc_dom_check_gzip(xc_interface *xch, void *blob, size_t ziplen)
     unsigned char *gzlen;
     size_t unziplen;
 
+    if ( ziplen < 6 )
+        /* Too small.  We need (i.e. the subsequent code relies on)
+         * 2 bytes for the magic number plus 4 bytes length. */
+        return 0;
+
     if ( strncmp(blob, "\037\213", 2) )
         /* not gzipped */
         return 0;
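Review bot: The new `ziplen < 6` guard in xc_dom_check_gzip is sized only for the reads this function makes (2 magic bytes plus a 4-byte length, presumably taken from the tail of the blob), so it still accepts blobs that cannot be a complete gzip member, which needs at least 18 bytes of fixed header and trailer (RFC 1952). A 6–17 byte blob that starts with the magic passes the check, and the length is then taken from bytes that are not a real trailer. Whether that value is bounded afterwards is not visible here, because the function body continues past the end of the hunk. I would state the limit of the guard in the comment, e.g. `/* Memory-safety minimum only: 2 magic bytes + 4 length bytes; the length value itself is still untrusted. */`, or raise the bound to the format minimum if no caller relies on the smaller one.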
-- 
1.7.2.5