qemu/hw/usb
Daniel P. Berrangé 375cb86d9f usb-mtp: fix bounds check for guest provided filename
The ObjectInfo struct has a variable length array containing the UTF-16
encoded filename. The number of characters of trailing data is given by
the 'length' field in the struct and this must be validated against the
size of the data packet received from the guest.

Since the data is UTF-16, we must convert the byte count we have to a
character count before validating. This must take care to truncate if
a malicious guest sent an odd number of bytes.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-04-16 20:43:39 +01:00
..
bus.c hw/usb/bus.c: Handle "no speed matched" case in usb_mask_to_str() 2019-04-01 08:53:44 +02:00
ccid-card-emulated.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
ccid-card-passthru.c hw/usb: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
ccid.h usb-ccid: convert CCIDCardClass::exitfn() -> unrealize() 2018-01-26 07:59:33 +01:00
chipidea.c usb: Add basic code to emulate Chipidea USB IP 2018-02-09 10:40:30 +00:00
combined-packet.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
core.c usb: remove unnecessary NULL device check from usb_ep_get() 2019-02-20 09:41:23 +01:00
desc-msos.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
desc.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
desc.h all: Clean up includes 2016-02-23 12:43:05 +00:00
dev-audio.c audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
dev-bluetooth.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
dev-hid.c usb: assign unique serial numbers to hid devices 2019-01-30 06:47:52 +01:00
dev-hub.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
dev-mtp.c usb-mtp: fix bounds check for guest provided filename 2019-04-16 20:43:39 +01:00
dev-network.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
dev-serial.c char: allow specifying a GMainContext at opening time 2019-02-13 14:23:39 +01:00
dev-smartcard-reader.c qdev: pass an Object * to qbus_set_hotplug_handler() 2019-02-17 21:54:02 +11:00
dev-storage.c block: Remove deprecated -drive option serial 2018-08-15 12:50:39 +02:00
dev-uas.c Revert "usb: release the created buses" 2018-06-18 09:15:51 +02:00
dev-wacom.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
hcd-ehci-pci.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-ehci-sysbus.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-ehci.c ehci: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-ehci.h hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-musb.c usb: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-ohci.c ohci: don't die on ED_LINK_LIMIT overflow 2019-03-26 12:01:45 +01:00
hcd-uhci.c uhci: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-xhci-nec.c xhci: split into multiple files 2017-05-29 14:03:35 +02:00
hcd-xhci.c xhci: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-xhci.h usb: implement XHCI underrun/overrun events 2019-01-30 06:47:52 +01:00
host-libusb.c Introduce new "no_guest_reset" parameter for usb-host device 2019-03-07 10:03:54 +01:00
host-stub.c usb: Remove legacy -usbdevice options (host, serial, disk and net) 2018-01-26 07:15:08 +01:00
host.h usb-host: move legacy cmd line bits 2013-02-19 12:30:05 +01:00
Kconfig scsi: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
libhw.c usb: Clean up includes 2016-01-29 15:07:23 +00:00
Makefile.objs build: convert usb.mak to Kconfig 2019-03-07 21:45:53 +01:00
quirks-ftdi-ids.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
quirks-pl2303-ids.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
quirks.c usb: Clean up includes 2016-01-29 15:07:23 +00:00
quirks.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
redirect.c usb: add device checks before redirector calls to usb_ep_get() 2019-02-20 09:41:23 +01:00
trace-events trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
tusb6010.c hw: Remove unused 'hw/devices.h' include 2019-03-07 22:16:11 +01:00
xen-usb.c xen: re-name XenDevice to XenLegacyDevice... 2019-01-14 13:45:40 +00:00