Address potential guest to host escape

author Kruti Pendharkar <kp025370@broadcom.com>

Fri, 17 Oct 2025 04:25:49 +0000 (21:25 -0700)

committer Kruti Pendharkar <kp025370@broadcom.com>

Fri, 17 Oct 2025 04:25:49 +0000 (21:25 -0700)
author Kruti Pendharkar <kp025370@broadcom.com>
Fri, 17 Oct 2025 04:25:49 +0000 (21:25 -0700)
committer Kruti Pendharkar <kp025370@broadcom.com>
Fri, 17 Oct 2025 04:25:49 +0000 (21:25 -0700)
diff --git a/open-vm-tools/lib/hgfsServer/hgfsServerPacketUtil.c b/open-vm-tools/lib/hgfsServer/hgfsServerPacketUtil.c

index 4ac8591f1431bedc42e5a73d4daa4fdbe119db82..1a84e806a68d7ec888549e65d86fa22dea2d779f 100644 (file)
--- a/open-vm-tools/lib/hgfsServer/hgfsServerPacketUtil.c
+++ b/open-vm-tools/lib/hgfsServer/hgfsServerPacketUtil.c
@@ -1,5 +1,6 @@
  /*********************************************************
- * Copyright (C) 2010-2019 VMware, Inc. All rights reserved.
+ * Copyright (c) 2010-2025 Broadcom. All Rights Reserved.
+ * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
   *
   * This program is free software; you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License as published
@@ -470,14 +471,7 @@ HSPUGetBuf(HgfsServerChannelCallbacks *chanCb,  // IN: Channel callbacks
        goto exit;
     }
  
-   if (iovMapped == 1) {
-      /* A single page buffer is contiguous so hold on to guest mappings. */
-      *buf = iov[startIndex].va;
-      goto exit;
-   }
-
-   /* More than one page was mapped. */
-   ASSERT(iov[startIndex].len < bufSize);
+   ASSERT(iov[startIndex].len <= bufSize);
  
     LOG(10, "%s: Hgfs Allocating buffer \n", __FUNCTION__);
     *buf = Util_SafeMalloc(bufSize);
author	Kruti Pendharkar <kp025370@broadcom.com>
	Fri, 17 Oct 2025 04:25:49 +0000 (21:25 -0700)
committer	Kruti Pendharkar <kp025370@broadcom.com>
	Fri, 17 Oct 2025 04:25:49 +0000 (21:25 -0700)