Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Maintenance:9835
qemu-linux-user.openSUSE_Leap_42.3_Update
0075-multiboot-check-mh_load_end_addr-ad.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0075-multiboot-check-mh_load_end_addr-ad.patch of Package qemu-linux-user.openSUSE_Leap_42.3_Update
From 2262724c385fd93c424ec5c28ad24fc32b6746e7 Mon Sep 17 00:00:00 2001 From: Prasad J Pandit <pjp@fedoraproject.org> Date: Wed, 28 Feb 2018 01:18:16 +0530 Subject: [PATCH] multiboot: check mh_load_end_addr address field While loading kernel via multiboot-v1 image, (flags & 0x00010000) indicates that multiboot header contains valid addresses to load the kernel image. In that, end of the data segment address 'mh_load_end_addr' should be less than the bss segment address 'mh_bss_end_addr'. Add check to validate that. Reported-by: CERT CC <cert.cc@orange.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> [LY: BSC#1083291 CVE-2018-7550] Signed-off-by: Liang Yan <lyan@suse.com> --- hw/i386/multiboot.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c index 22688d376d..418c5b83ae 100644 --- a/hw/i386/multiboot.c +++ b/hw/i386/multiboot.c @@ -227,6 +227,10 @@ int load_multiboot(FWCfgState *fw_cfg, fprintf(stderr, "invalid mh_load_addr address\n"); exit(1); } + if (mh_load_end_addr > mh_bss_end_addr) { + fprintf(stderr, "invalid mh_load_end_addr address\n"); + exit(1); + } uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr); uint32_t mb_load_size = 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor