qemu/hw/usb
John Millikin fe9d8927e2 scsi: Add buf_len parameter to scsi_req_new()
When a SCSI command is received from the guest, the CDB length implied
by the first byte might exceed the number of bytes the guest sent. In
this case scsi_req_new() will read uninitialized data, causing
unpredictable behavior.

Adds the buf_len parameter to scsi_req_new() and plumbs it through the
call stack.

Signed-off-by: John Millikin <john@john-millikin.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053458.698416-1-john@john-millikin.com>
[Fill in correct length for adapters other than ESP. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-09-01 07:42:37 +02:00
bus.c qapi: introduce x-query-usb QMP command 2021-11-02 15:55:14 +00:00
canokey.c hw: canokey: Remove HS support as not compliant to the spec 2022-07-01 12:39:51 +02:00
canokey.h hw/usb: Add CanoKey Implementation 2022-06-14 10:34:36 +02:00
ccid-card-emulated.c modules: introduces module_kconfig directive 2022-06-06 09:26:53 +02:00
ccid-card-passthru.c modules: introduces module_kconfig directive 2022-06-06 09:26:53 +02:00
ccid.h
chipidea.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
combined-packet.c usb: limit combined packets to 1 MiB (CVE-2021-3527) 2021-05-05 15:06:01 +02:00
core.c
desc-msos.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
desc.c usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
desc.h usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
dev-audio.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
dev-hid.c hid: Implement support for side and extra buttons 2022-02-22 17:15:36 +01:00
dev-hub.c
dev-mtp.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
dev-network.c
dev-serial.c
dev-smartcard-reader.c include: move C/util-related declarations to cutils.h 2022-04-06 14:31:43 +02:00
dev-storage-bot.c scsi: Replace scsi_bus_new() with scsi_bus_init(), scsi_bus_init_named() 2021-09-30 13:42:10 +01:00
dev-storage-classic.c scsi: Replace scsi_bus_new() with scsi_bus_init(), scsi_bus_init_named() 2021-09-30 13:42:10 +01:00
dev-storage.c scsi: Add buf_len parameter to scsi_req_new() 2022-09-01 07:42:37 +02:00
dev-uas.c scsi: Add buf_len parameter to scsi_req_new() 2022-09-01 07:42:37 +02:00
dev-wacom.c hw/usb/dev-wacom: add missing HID descriptor 2022-01-13 10:22:00 +01:00
hcd-dwc2.c dma: Let dma_memory_read/write() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
hcd-dwc2.h Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
hcd-dwc3.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
hcd-ehci-pci.c
hcd-ehci-sysbus.c hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize() 2021-03-26 09:14:48 +01:00
hcd-ehci.c hw/usb/hcd-ehci: fix writeback order 2022-06-14 10:34:36 +02:00
hcd-ehci.h
hcd-musb.c
hcd-ohci-pci.c
hcd-ohci.c usb/ohci: Don't use packet from OHCIState for isochronous transfers 2022-03-04 09:34:21 +01:00
hcd-ohci.h
hcd-uhci.c usb/uhci: Replace pci_set_irq with qemu_set_irq 2021-11-02 14:32:32 +01:00
hcd-uhci.h usb/uhci: Replace pci_set_irq with qemu_set_irq 2021-11-02 14:32:32 +01:00
hcd-xhci-nec.c
hcd-xhci-pci.c hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X 2021-05-28 09:10:20 +02:00
hcd-xhci-pci.h
hcd-xhci-sysbus.c hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X 2021-05-28 09:10:20 +02:00
hcd-xhci-sysbus.h
hcd-xhci.c hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394) 2022-08-16 11:37:19 +02:00
hcd-xhci.h hw/usb: hcd-xhci-pci: Fix spec violation of IP flag for MSI/MSI-X 2021-05-28 09:10:20 +02:00
host-libusb.c modules: introduces module_kconfig directive 2022-06-06 09:26:53 +02:00
host.h
imx-usb-phy.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
Kconfig meson: Add CanoKey 2022-06-14 10:34:36 +02:00
libhw.c dma: Let dma_memory_map() take MemTxAttrs argument 2021-12-30 17:16:32 +01:00
meson.build meson: Add CanoKey 2022-06-14 10:34:36 +02:00
pcap.c
quirks-ftdi-ids.h hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
quirks-pl2303-ids.h
quirks.c
quirks.h Drop the deprecated lm32 target 2021-05-12 18:20:25 +02:00
redirect.c usbredir: avoid queuing hello packet on snapshot restore 2022-06-14 10:34:36 +02:00
trace-events hw/usb/canokey: Add trace events 2022-06-14 10:34:36 +02:00
trace.h
tusb6010.c
u2f-emulated.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
u2f-passthru.c
u2f.c
u2f.h misc: fix commonly doubled up words 2022-08-01 11:58:02 +02:00
vt82c686-uhci-pci.c hw/usb/vt82c686-uhci-pci: Use ISA instead of PCI interrupts 2021-11-02 14:32:32 +01:00
xen-usb.c hw: Do not include hw/sysbus.h if it is not necessary 2021-05-02 17:24:50 +02:00
xlnx-usb-subsystem.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
xlnx-versal-usb2-ctrl-regs.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00