summaryrefslogtreecommitdiff
path: root/src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp')
-rw-r--r--src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp b/src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp
index 53ee7fe0f..79705ad28 100644
--- a/src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp
+++ b/src/VBox/Additions/common/VBoxGuest/VBoxGuest.cpp
@@ -774,6 +774,13 @@ static int VBoxGuestCommonIOCtl_VMMRequest(PVBOXGUESTDEVEXT pDevExt, PVBOXGUESTS
cbData, cbReq, enmType));
return VERR_INVALID_PARAMETER;
}
+ int rc = VbglGRVerify(pReqHdr, cbData);
+ if (RT_FAILURE(rc))
+ {
+ Log(("VBoxGuestCommonIOCtl: VMMREQUEST: invalid header: size %#x, expected >= %#x (hdr); type=%#x; rc %d!!\n",
+ cbData, cbReq, enmType, rc));
+ return rc;
+ }
/*
* Make a copy of the request in the physical memory heap so
@@ -783,7 +790,7 @@ static int VBoxGuestCommonIOCtl_VMMRequest(PVBOXGUESTDEVEXT pDevExt, PVBOXGUESTS
* it does makes things a bit simpler wrt to phys address.)
*/
VMMDevRequestHeader *pReqCopy;
- int rc = VbglGRAlloc(&pReqCopy, cbReq, enmType);
+ rc = VbglGRAlloc(&pReqCopy, cbReq, enmType);
if (RT_FAILURE(rc))
{
Log(("VBoxGuestCommonIOCtl: VMMREQUEST: failed to allocate %u (%#x) bytes to cache the request. rc=%d!!\n",
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-31 17:16:23 +0000