mirror of
https://github.com/gnif/LookingGlass.git
synced 2024-11-24 14:27:20 +00:00
[module] check vmf->pgoff before using it
As reported by @Crispy-fried-chicken in issue #1133, there is a potential XXE vulnerability here. This commit fixes the problem by verifying that the value of `vmf->pgoff` does not exceed the bounds of the memory mapping. Fixes: #1133
This commit is contained in:
parent
d060e375ea
commit
3ea37b86e3
@ -1,5 +1,5 @@
|
|||||||
PACKAGE_NAME="kvmfr"
|
PACKAGE_NAME="kvmfr"
|
||||||
PACKAGE_VERSION="0.0.10"
|
PACKAGE_VERSION="0.0.11"
|
||||||
BUILT_MODULE_NAME[0]="${PACKAGE_NAME}"
|
BUILT_MODULE_NAME[0]="${PACKAGE_NAME}"
|
||||||
MAKE[0]="make KDIR=${kernel_source_dir}"
|
MAKE[0]="make KDIR=${kernel_source_dir}"
|
||||||
CLEAN="make KDIR=${kernel_source_dir} clean"
|
CLEAN="make KDIR=${kernel_source_dir} clean"
|
||||||
|
@ -88,8 +88,12 @@ static vm_fault_t kvmfr_vm_fault(struct vm_fault *vmf)
|
|||||||
{
|
{
|
||||||
struct vm_area_struct *vma = vmf->vma;
|
struct vm_area_struct *vma = vmf->vma;
|
||||||
struct kvmfrbuf *kbuf = (struct kvmfrbuf *)vma->vm_private_data;
|
struct kvmfrbuf *kbuf = (struct kvmfrbuf *)vma->vm_private_data;
|
||||||
|
pgoff_t pgoff = vmf->pgoff;
|
||||||
|
|
||||||
vmf->page = kbuf->pages[vmf->pgoff];
|
if (pgoff >= kbuf->pagecount)
|
||||||
|
return VM_FAULT_SIGBUS;
|
||||||
|
|
||||||
|
vmf->page = kbuf->pages[pgoff];
|
||||||
get_page(vmf->page);
|
get_page(vmf->page);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
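Review bot: The new `if (pgoff >= kbuf->pagecount)` guard bounds the index only architecturally; `vmf->pgoff` follows the faulting address supplied by userspace and the `kbuf->pages[pgoff]` load right after it feeds `get_page()`, so the index should presumably also be clamped against speculation past the branch with `pgoff = array_index_nospec(pgoff, kbuf->pagecount);` placed after the check (needs `#include <linux/nospec.h>`). The declaration of `pagecount` is outside the hunk; if it is a signed type, the comparison relies on implicit conversion to `pgoff_t`, which is worth confirming. A short comment above the check, e.g. `/* pgoff comes from the faulting address; reject offsets beyond kbuf->pages */`, would record why SIGBUS is returned.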