possible null dereference when parsing vif ratelimiting info

2013-10-10T12:00:00
ID XSA-68
Type xen
Reporter Xen Project
Modified 2013-10-10T12:22:00

Description

ISSUE DESCRIPTION

The libxlu library function xlu_vif_parse_rate does not properly handle inputs which consist solely of the '@' character, leading to a NULL pointer dereference.
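An added example, not code from Xen or from this advisory: a defensive split of a rate string. It assumes a `RATE[@INTERVAL]` layout and a strtok()-style split on '@' as the failure mode, since the advisory does not show the library's code. `first_token_missing`, `parse_rate_spec`, `struct rate_spec` and `FIELD_MAX` are hypothetical names, and rejecting an empty rate or interval is this example's own policy.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32   /* constructed limit for this example */
/* Hypothetical result type for this example; not a libxlu structure. */
struct rate_spec {
    char rate[FIELD_MAX];      /* text before '@' */
    char interval[FIELD_MAX];  /* text after '@', "" when omitted */
};

/* strtok() skips leading delimiters: "@" and "" yield NULL, not an empty token. */
int first_token_missing(const char *spec)
{
    char buf[2 * FIELD_MAX];
    if (strlen(spec) >= sizeof(buf))
        return 0;
    strcpy(buf, spec);
    return strtok(buf, "@") == NULL;   /* 1 = an unchecked caller would use NULL */
}

/* Hardened split of "RATE[@INTERVAL]": 0 on success, -EINVAL otherwise. */
int parse_rate_spec(const char *spec, struct rate_spec *out)
{
    if (spec == NULL || out == NULL)
        return -EINVAL;
    const char *at = strchr(spec, '@');
    size_t rate_len = at ? (size_t)(at - spec) : strlen(spec);
    size_t interval_len = at ? strlen(at + 1) : 0;
    /* Empty rate ("@", "@50ms", "") or empty interval after '@'. */
    if (rate_len == 0 || (at && interval_len == 0))
        return -EINVAL;
    if (at && strchr(at + 1, '@'))     /* more than one '@' */
        return -EINVAL;
    if (rate_len >= FIELD_MAX || interval_len >= FIELD_MAX)
        return -EINVAL;
    memcpy(out->rate, spec, rate_len);
    out->rate[rate_len] = '\0';
    memcpy(out->interval, at ? at + 1 : "", interval_len + 1);
    return 0;
}

int main(void)
{
    const char *samples[] = { "10Mb/s@50ms", "10Mb/s", "@", "@50ms", "" }; /* constructed */
    struct rate_spec r;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s -> %d\n", samples[i], parse_rate_spec(samples[i], &r));
    return 0;
}
```

Locating '@' with strchr() rather than tokenizing also rejects `@50ms`, which a strtok() split would silently treat as a rate.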

IMPACT

A toolstack which allows untrusted users to specify an arbitrary configuration for the VIF rate can be subjected to a denial of service (DoS). The only known user of this library is the xl toolstack, which does not have a central long-running daemon. The impact is therefore limited to crashing the process which is creating the domain, which exists only to service a single domain.

VULNERABLE SYSTEMS

The vulnerable code is present from Xen 4.2 onwards.