aboutsummaryrefslogtreecommitdiff
path: root/hw/s390x/s390-pci-inst.h
diff options
context:
space:
mode:
authorLi Qiang <liqiang6-s@360.cn>2016-11-01 12:00:40 +0100
committerGreg Kurz <groug@kaod.org>2016-11-01 12:03:01 +0100
commit7e55d65c56a03dcd2c5d7c49d37c5a74b55d4bd6 (patch)
tree308e1f069dee27eaf7f7e7c101ecce607c0da1c4 /hw/s390x/s390-pci-inst.h
parent8495f9ad26d398f01e208a53f1a5152483a16084 (diff)
9pfs: fix integer overflow issue in xattr read/write
The v9fs_xattr_read() and v9fs_xattr_write() are passed a guest originated offset: they must ensure this offset does not go beyond the size of the extended attribute that was set in v9fs_xattrcreate(). Unfortunately, the current code implement these checks with unsafe calculations on 32 and 64 bit values, which may allow a malicious guest to cause OOB access anyway. Fix this by comparing the offset and the xattr size, which are both uint64_t, before trying to compute the effective number of bytes to read or write. Suggested-by: Greg Kurz <groug@kaod.org> Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-By: Guido Günther <agx@sigxcpu.org> Signed-off-by: Greg Kurz <groug@kaod.org>
Diffstat (limited to 'hw/s390x/s390-pci-inst.h')
0 files changed, 0 insertions, 0 deletions