aboutsummaryrefslogtreecommitdiff
path: root/hw/input/ps2.c
diff options
context:
space:
mode:
authorAsias He <asias@redhat.com>2013-10-09 15:41:03 +0800
committerPaolo Bonzini <pbonzini@redhat.com>2013-10-09 17:24:18 +0200
commit846424350b292f16b732b573273a5c1f195cd7a3 (patch)
tree0a25400c33e0c31eac0c451debea9ec630357168 /hw/input/ps2.c
parent24c7608a5d973e5d562715998e9887f74deac794 (diff)
scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at most. If more than 256 luns are specified by user, we have buffer overflow in scsi_target_emulate_report_luns. To fix, we allocate the buffer dynamically. Signed-off-by: Asias He <asias@redhat.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/input/ps2.c')
0 files changed, 0 insertions, 0 deletions