virtio: properly validate address before accessing config - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Jason Wang <jasowang@redhat.com>	2013-05-07 13:42:49 +0800
committer	Anthony Liguori <aliguori@us.ibm.com>	2013-05-08 15:54:21 -0500
commit	5f5a1318653c08e435cfa52f60b6a712815b659d (patch)
tree	f0225933089d17dc522c51ab17b71e24c619c4cb /qga/commands-posix.c
parent	62c96360ae7f2c7a8b029277fbb7cb082fdef7fd (diff)
download	focaccia-qemu-5f5a1318653c08e435cfa52f60b6a712815b659d.tar.gz focaccia-qemu-5f5a1318653c08e435cfa52f60b6a712815b659d.zip

virtio: properly validate address before accessing config

There are several several issues in the current checking:

- The check was based on the minus of unsigned values which can overflow
- It was done after .{set|get}_config() which can lead crash when config_len
  is zero since vdev->config is NULL

Fix this by:

- Validate the address in virtio_pci_config_{read|write}() before
  .{set|get}_config
- Use addition instead minus to do the validation

Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Petr Matousek <pmatouse@redhat.com>
Message-id: 1367905369-10765-1-git-send-email-jasowang@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Diffstat (limited to 'qga/commands-posix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: