mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
439346ce8f
qemu/include
History
Vitaly Chikunov e64e27d5cb 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread 
`struct dirent' returned from readdir(3) could be shorter (or longer)
than `sizeof(struct dirent)', thus memcpy of sizeof length will overread
into unallocated page causing SIGSEGV. Example stack trace:

 #0  0x00005555559ebeed v9fs_co_readdir_many (/usr/bin/qemu-system-x86_64 + 0x497eed)
 #1  0x00005555559ec2e9 v9fs_readdir (/usr/bin/qemu-system-x86_64 + 0x4982e9)
 #2  0x0000555555eb7983 coroutine_trampoline (/usr/bin/qemu-system-x86_64 + 0x963983)
 #3  0x00007ffff73e0be0 n/a (n/a + 0x0)

While fixing this, provide a helper for any future `struct dirent' cloning.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/841
Cc: qemu-stable@nongnu.org
Co-authored-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Tested-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Acked-by: Greg Kurz <groug@kaod.org>
Tested-by: Vitaly Chikunov <vt@altlinux.org>
Message-Id: <20220216181821.3481527-1-vt@altlinux.org>
[C.S. - Fix typo in source comment. ]
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
2022-02-17 16:57:58 +01:00
..
authz Prefer 'on' | 'off' over 'yes' | 'no' for bool options 2021-01-29 17:07:53 +00:00
block hw/nvme: add support for zoned random write area 2022-02-14 08:58:29 +01:00
chardev ui/dbus: add chardev backend & interface 2021-12-21 10:50:22 +04:00
crypto crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
disas target/riscv: setup everything for rv64 to support rv128 execution 2022-01-08 15:46:10 +10:00
exec include/exec: fix softmmu version of TARGET_ABI_FMT_lx 2022-02-09 13:29:38 +00:00
fpu softfloat: Add float64r32 arithmetic routines 2021-12-17 17:57:15 +01:00
hw hw/intc: Add RISC-V AIA APLIC device emulation 2022-02-16 12:24:19 +10:00
io io: add qio_channel_readv_full_all_eof & qio_channel_readv_full_all helpers 2021-02-10 09:23:28 +00:00
libdecnumber libdecnumber: Introduce decNumberIntegralToInt128 2021-11-09 10:32:52 +11:00
migration Fixed a QEMU hang when guest poweroff in COLO mode 2021-12-15 10:31:42 +01:00
monitor monitor: introduce HumanReadableText and HMP support 2021-11-02 15:55:13 +00:00
net Revert "virtio-net: add support for configure interrupt" 2022-01-10 16:00:54 -05:00
qapi monitor: introduce HumanReadableText and HMP support 2021-11-02 15:55:13 +00:00
qemu 9pfs: Fix segfault in do_readdir_many caused by struct dirent overread 2022-02-17 16:57:58 +01:00
qom monitor: Fix find_device_state() for IDs containing slashes 2021-11-10 06:14:51 +01:00
scsi scsi: inline sg_io_sense_from_errno() into the callers. 2021-03-06 11:42:56 +01:00
semihosting semihosting: Move include/hw/semihosting/ -> include/semihosting/ 2021-03-10 15:34:12 +00:00
standard-headers linux-headers: sync VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE 2022-01-07 19:30:13 -05:00
sysemu rtc: Move RTC function prototypes to their own header 2022-01-28 14:29:46 +00:00
tcg exec/memop: Adding signedness to quad definitions 2022-01-08 15:46:10 +10:00
ui ui: avoid warnings about directdb on Alpine / musl libc 2022-01-18 16:42:41 +00:00
user common-user: Move safe-syscall.* from linux-user 2021-12-20 10:12:24 -08:00
elf.h elf: Add machine type value for LoongArch 2021-12-21 13:17:06 -08:00
glib-compat.h docs/devel: more documentation on the use of suffixes 2022-01-18 16:42:42 +00:00
qemu-common.h rtc: Move RTC function prototypes to their own header 2022-01-28 14:29:46 +00:00
qemu-io.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00