mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
846424350b
qemu/include
History
Asias He 846424350b scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344] 
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.

To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-09 17:24:18 +02:00
..
block block: introduce BlockDriver.bdrv_needs_filename to enable some drivers. 2013-09-25 16:21:28 +02:00
disas
exec tcg-ppc: use new return-argument ld/st helpers 2013-09-25 07:45:39 -07:00
fpu
hw scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344] 2013-10-09 17:24:18 +02:00
migration migration: add version supporting macros for struct pointer 2013-09-24 13:22:50 +02:00
monitor Merge remote-tracking branch 'kwolf/for-anthony' into staging 2013-09-03 12:32:46 -05:00
net net: Rename send_queue to incoming_queue 2013-09-06 17:01:26 +02:00
qapi qdict: Extract qdict_extract_subqdict 2013-09-25 16:21:28 +02:00
qemu pc,pci,virtio fixes and cleanups 2013-09-30 17:15:01 -05:00
qom QOM CPUState refactorings / X86CPU 2013-09-03 12:33:32 -05:00
sysemu pc,pci,virtio fixes and cleanups 2013-09-30 17:15:01 -05:00
ui spice: fix display initialization 2013-07-30 10:25:47 +02:00
config.h
elf.h s390: Implement dump-guest-memory support for target s390x 2013-07-30 16:12:25 +02:00
glib-compat.h
qemu-common.h qmp: add interface blockdev-snapshot-delete-internal-sync 2013-09-12 10:12:47 +02:00
qemu-io.h
trace.h