Description: compat/gnttab: Prevent infinite loop in compat code
From: Andrew Cooper <andrew.cooper3@citrix.com>
Origin: upstream, commit:23410:178f63286b02
Id: CVE-2012-4539
---
diff -r 61eb3d030f52 -r 178f63286b02 xen/common/compat/grant_table.c
--- a/xen/common/compat/grant_table.c	Wed Nov 14 11:43:29 2012 +0000
+++ b/xen/common/compat/grant_table.c	Wed Nov 14 11:46:12 2012 +0000
@@ -310,6 +310,8 @@
 #undef XLAT_gnttab_get_status_frames_HNDL_frame_list
                 if ( unlikely(__copy_to_guest(cmp_uop, &cmp.get_status, 1)) )
                     rc = -EFAULT;
+                else
+                    i = 1;
             }
             break;
         }
