slackcoder/qemu - QEMU is a generic and open source machine & userspace emulator and virtualizer

diff options

author	Gerd Hoffmann <kraxel@redhat.com>	2020-08-25 07:36:36 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2020-08-31 08:23:39 +0200
commit	b946434f2659a182afc17e155be6791ebfb302eb (patch)
tree	d0b25ff035e1bfa46b0349e8dfdea112c9eaa49c /chardev/char-null.c
parent	202d69a715a4b1824dcd7ec1683d027ed2bae6d3 (diff)

usb: fix setup_len init (CVE-2020-14364)

Store calculated setup_len in a local variable, verify it, and only write it to the struct (USBDevice->setup_len) in case it passed the sanity checks. This prevents other code (do_token_{in,out} functions specifically) from working with invalid USBDevice->setup_len values and overrunning the USBDevice->setup_buf[] buffer. Fixes: CVE-2020-14364 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Message-id: 20200825053636.29648-1-kraxel@redhat.com

Diffstat (limited to 'chardev/char-null.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: