diff options
author | Philippe Mathieu-Daudé <philmd@redhat.com> | 2020-03-05 13:12:52 +0100 |
---|---|---|
committer | David Gibson <david@gibson.dropbear.id.au> | 2020-03-17 15:08:50 +1100 |
commit | 13a5490536c5c260ad158d5b9672daebcd1d85d5 (patch) | |
tree | e56917f15045a9356aa437d94d980ffb2bf2699e /hw/m68k | |
parent | ff78b728f6c9d2c274dab20114bfe052322365a1 (diff) | |
download | qemu-13a5490536c5c260ad158d5b9672daebcd1d85d5.zip qemu-13a5490536c5c260ad158d5b9672daebcd1d85d5.tar.gz qemu-13a5490536c5c260ad158d5b9672daebcd1d85d5.tar.bz2 |
hw/scsi/spapr_vscsi: Prevent buffer overflow
Depending on the length of sense data, vscsi_send_rsp() can
overrun the buffer size.
Do not copy more than SRP_MAX_IU_DATA_LEN bytes, and assert
that vscsi_send_iu() is always called with a size in range.
Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-7-philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'hw/m68k')
0 files changed, 0 insertions, 0 deletions