On 05.02.2020 14:11, Jan Beulich wrote:
> Ilja has reported a couple of issues which were on the boundary of
> needing an XSA, due to some vagueness of the statements resulting
> from XSA-77. The first 3 patches here address these reports, after
> having settled within the Security Team that we can't find anyone /
> anything actually being potentially affected in reality.
>
> In the course of auditing for possible actual issues resulting from
> the missing overflow check addressed by patch 3, a few more cleanup
> opportunities were noticed, which the remaining 3 patches take care
> of.
>
> 1: EFI: re-check {get,set}-variable name strings after copying in
> 2: EFI: don't leak heap contents through XEN_EFI_get_next_variable_name
> 3: xmalloc: guard against integer overflow
Since these three patches have been suitably ack-ed, and since
they also aren't new to the majority of the REST maintainers,
I'm intending to commit them no later than tomorrow, perhaps
even before I leave today. Unless, of course, I hear objections.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
