slackcoder/qemu - QEMU is a generic and open source machine & userspace emulator and virtualizer

diff options

author	Michael S. Tsirkin <mst@redhat.com>	2014-04-03 19:52:25 +0300
committer	Michael Roth <mdroth@linux.vnet.ibm.com>	2014-06-26 14:22:06 -0500
commit	c4bd2e4cb0550fd83321029b9ae7582073fcac67 (patch)
tree	688d8b26eea4d40ef37cf0aea40e474f744b2ae1 /hw/net/xilinx_ethlite.c
parent	0776525e77ac1c2e1b7a45ecde1597bb0f460877 (diff)

usb: sanity check setup_index+setup_len in post_load

CVE-2013-4541 s->setup_len and s->setup_index are fed into usb_packet_copy as size/offset into s->data_buf, it's possible for invalid state to exploit this to load arbitrary data. setup_len and setup_index should be checked to make sure they are not negative. Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com> (cherry picked from commit 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

Diffstat (limited to 'hw/net/xilinx_ethlite.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: