mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/ui
History
Wolfgang Bumiller 64ffbe04ea hmp: fix sendkey out of bounds write (CVE-2015-8619) 
When processing 'sendkey' command, hmp_sendkey routine null
terminates the 'keyname_buf' array. This results in an OOB
write issue, if 'keyname_len' was to fall outside of
'keyname_buf' array.

Since the keyname's length is known the keyname_buf can be
removed altogether by adding a length parameter to
index_from_key() and using it for the error output as well.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-Id: <20160113080958.GA18934@olga>
[Comparison with "<" dumbed down, test for junk after strtoul()
tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-03 10:13:06 +01:00
..
shader
cocoa.m
qapi: Change munging of CamelCase enum values
2015-12-17 08:21:28 +01:00
console-gl.c
shaders: initialize vertexes once
2015-10-08 10:31:35 +02:00
console.c
qemu-char: add logfile facility to all chardev backends
2016-01-15 18:58:02 +01:00
curses_keys.h
ui/curses: Fix pageup/pagedown on -curses
2015-11-03 10:12:46 +01:00
curses.c
ui/curses: Fix color attribute of monitor for curses
2016-01-08 12:20:07 +01:00
cursor_hidden.xpm
cursor_left_ptr.xpm
cursor.c
egl-context.c
opengl: add egl-context.[ch] helpers
2015-10-08 10:34:53 +02:00
egl-helpers.c
gtk-egl.c
gtk/opengl: add opengl context and scanout support (egl)
2015-10-08 10:34:53 +02:00
gtk-gl-area.c
gtk/opengl: add opengl context and scanout support (GtkGLArea)
2015-10-08 10:34:53 +02:00
gtk.c
gtk: use qemu_chr_alloc() to allocate CharDriverState
2016-02-02 14:05:07 +01:00
input-keymap.c
qapi: Don't let implicit enum MAX member collide
2015-12-17 08:21:28 +01:00
input-legacy.c
hmp: fix sendkey out of bounds write (CVE-2015-8619)
2016-02-03 10:13:06 +01:00
input.c
qapi: Don't let implicit enum MAX member collide
2015-12-17 08:21:28 +01:00
keymaps.c
ui: Use g_new() & friends where that makes obvious sense
2015-11-06 15:42:38 +03:00
keymaps.h
Makefile.objs
gtk/opengl: add opengl context and scanout support (GtkGLArea)
2015-10-08 10:34:53 +02:00
qemu-pixman.c
qemu-x509.h
sdl2-2d.c
sdl2: stop flickering
2015-10-08 10:31:35 +02:00
sdl2-gl.c
sdl2/opengl: add opengl context and scanout support
2016-01-08 12:20:15 +01:00
sdl2-input.c
sdl2-keymap.h
sdl2.c
sdl: shorten the GUI refresh interval when mouse or keyboard is active
2016-02-02 14:05:07 +01:00
sdl_keysym.h
sdl_zoom_template.h
sdl_zoom.c
sdl_zoom.h
sdl.c
sdl: shorten the GUI refresh interval when mouse or keyboard is active
2016-02-02 14:05:07 +01:00
shader.c
shaders: initialize vertexes once
2015-10-08 10:31:35 +02:00
spice-core.c
Fix corner-case when using VNC+SASL+SPICE
2016-01-18 16:36:21 +01:00
spice-display.c
spice: surface switch fast path requires same format too.
2015-09-21 09:52:07 +02:00
spice-input.c
qapi: Change munging of CamelCase enum values
2015-12-17 08:21:28 +01:00
vgafont.h
vnc_keysym.h
vnc-auth-sasl.c
ui: convert VNC server to use QIOChannelSocket
2015-12-18 15:02:11 +00:00
vnc-auth-sasl.h
vnc-auth-vencrypt.c
ui: convert VNC server to use QIOChannelTLS
2015-12-18 15:02:11 +00:00
vnc-auth-vencrypt.h
vnc-enc-hextile-template.h
vnc-enc-hextile.c
vnc-enc-tight.c
vnc-enc-tight.h
vnc-enc-zlib.c
vnc-enc-zrle-template.c
vnc-enc-zrle.c
vnc-enc-zrle.h
vnc-enc-zywrle-template.c
vnc-enc-zywrle.h
vnc-jobs.c
ui: convert VNC server to use QIOChannelSocket
2015-12-18 15:02:11 +00:00
vnc-jobs.h
vnc-palette.c
vnc-palette.h
vnc-ws.c
ui: convert VNC server to use QIOChannelWebsock
2015-12-18 15:02:11 +00:00
vnc-ws.h
ui: convert VNC server to use QIOChannelWebsock
2015-12-18 15:02:11 +00:00
vnc.c
Convert qemu-socket to use QAPI exclusively, update MAINTAINERS.
2016-01-21 12:09:41 +00:00
vnc.h
ui: convert VNC server to use QIOChannelWebsock
2015-12-18 15:02:11 +00:00
x_keymap.c
x_keymap.h