[Pkg-xen-changes] [xen] 02/06: pre-fill structures for certain HYPERVISOR_xen_version sub-ops
Bastian Blank
waldi at moszumanska.debian.org
Thu Mar 12 17:35:03 UTC 2015
This is an automated email from the git hooks/post-receive script.
waldi pushed a commit to branch debian/jessie
in repository xen.
commit 1c0f5093a6bd646df4b8f3e4abe7190abf8579c7
Author: Aaron Adams <Aaron.Adams at nccgroup.com>
Date: Thu Mar 5 13:46:24 2015 +0100
pre-fill structures for certain HYPERVISOR_xen_version sub-ops
... avoiding to pass hypervisor stack contents back to the caller
through space unused by the respective strings.
This is CVE-2015-2045 / XSA-122.
Signed-off-by: Aaron Adams <Aaron.Adams at nccgroup.com>
Acked-by: Jan Beulich <jbeulich at suse.com>
Acked-by: Ian Campbell <ian.campbell at citrix.com>
master commit: fe2e079f642effb3d24a6e1a7096ef26e691d93e
master date: 2015-03-05 13:35:54 +0100
(cherry picked from commit 40ab3d6b78a9f5a8a22bb333fdca0309e4a2fb4b)
Patch-Name: CVE-2015-2045.diff
---
xen/common/kernel.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index 877d461..adc68a5 100644
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -233,6 +233,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
case XENVER_extraversion:
{
xen_extraversion_t extraversion;
+
+ memset(extraversion, 0, sizeof(extraversion));
safe_strcpy(extraversion, xen_extra_version());
if ( copy_to_guest(arg, extraversion, ARRAY_SIZE(extraversion)) )
return -EFAULT;
@@ -242,6 +244,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
case XENVER_compile_info:
{
struct xen_compile_info info;
+
+ memset(&info, 0, sizeof(info));
safe_strcpy(info.compiler, xen_compiler());
safe_strcpy(info.compile_by, xen_compile_system_maintainer_local());
safe_strcpy(info.compile_domain, xen_compile_system_maintainer_domain());
@@ -277,6 +281,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
case XENVER_changeset:
{
xen_changeset_info_t chgset;
+
+ memset(chgset, 0, sizeof(chgset));
safe_strcpy(chgset, xen_changeset());
if ( copy_to_guest(arg, chgset, ARRAY_SIZE(chgset)) )
return -EFAULT;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xen/xen.git
More information about the Pkg-xen-changes
mailing list