$NetBSD: patch-CVE-2015-8554,v 1.1 2016/01/07 17:55:55 bouyer Exp $
patch for CVE-2015-8554 aka XSA-164 from
http://xenbits.xenproject.org/xsa/xsa164.patch
--- ioemu-qemu-xen/hw/pt-msi.c.orig
+++ ioemu-qemu-xen/hw/pt-msi.c
@@ -440,6 +440,13 @@ static void pci_msix_writel(void *opaque
return;
}
+ if ( addr - msix->mmio_base_addr >= msix->total_entries * 16 )
+ {
+ PT_LOG("Error: Out of bounds write to MSI-X table,"
+ " addr %016"PRIx64"\n", addr);
+ return;
+ }
+
entry_nr = (addr - msix->mmio_base_addr) / 16;
entry = &msix->msix_entry[entry_nr];
offset = ((addr - msix->mmio_base_addr) % 16) / 4;
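Review bot: The added bounds check repeats `addr - msix->mmio_base_addr` and the literal 16 that the three following lines also use, so the guard and the indexing it protects can drift apart in a later edit. Computing the offset once, e.g. `uint64_t off = addr - msix->mmio_base_addr;`, and testing `off >= (uint64_t)msix->total_entries * 16` before deriving entry_nr and offset from `off` would keep them in step; the cast assumes total_entries is a signed int, which the hunk does not show. The error message is emitted on a path the guest can trigger repeatedly, so it is worth confirming that PT_LOG cannot be used to flood the device-model log. pci_msix_writel starts and ends outside the hunk, and the matching read handler is not visible here; confirm it bounds the entry index the same way.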