qemu/include/hw/scsi
Asias He 846424350b scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.

To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-09 17:24:18 +02:00
..
esp.h hw: move headers to include/ 2013-04-08 18:13:10 +02:00
scsi.h scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344] 2013-10-09 17:24:18 +02:00