On Mon, Jan 11, 2016 at 03:26:23PM -0700, Jim Fehlig wrote:
Commit fd2e3c4c used the domctl version 8 structure for version 9 in the xen_getdomaininfolist union, resulting in insufficient buffer size (and subsequent memory corruption) for the GETDOMAININFOLIST ioctl.

Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
---
 src/xen/xen_hypervisor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
I cannot test this, but it's kind of obvious. ACK.
diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c index 431c47a..c1834cb 100644 --- a/src/xen/xen_hypervisor.c +++ b/src/xen/xen_hypervisor.c @@ -309,7 +309,7 @@ union xen_getdomaininfolist { struct xen_v2d6_getdomaininfo *v2d6; struct xen_v2d7_getdomaininfo *v2d7; struct xen_v2d8_getdomaininfo *v2d8; - struct xen_v2d8_getdomaininfo *v2d9; + struct xen_v2d9_getdomaininfo *v2d9; }; typedef union xen_getdomaininfolist xen_getdomaininfolist; -- 2.1.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
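Review bot: every member of the union at line 309 is a pointer, so correcting the type of `v2d9` leaves the size of the union unchanged; the undersized buffer the commit message describes has to come from code outside this hunk that sizes or indexes the array through `v2d9`. The commit message should name that allocation path. It is also worth confirming that each version 9 site takes its element size from the pointee type of `v2d9` (or from `struct xen_v2d9_getdomaininfo` directly) and not from a leftover `struct xen_v2d8_getdomaininfo`. Since this was a copy-paste slip in fd2e3c4c, checking the rest of that commit for other `v2d8` names used on version 9 paths would be a sensible follow-up before this is pushed.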