riscv-gnu-toolchain/qemu.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Philippe Mathieu-Daudé <philmd@redhat.com>	2020-03-05 13:12:52 +0100
committer	David Gibson <david@gibson.dropbear.id.au>	2020-03-17 15:08:50 +1100
commit	13a5490536c5c260ad158d5b9672daebcd1d85d5 (patch)
tree	e56917f15045a9356aa437d94d980ffb2bf2699e /hw/xenpv
parent	ff78b728f6c9d2c274dab20114bfe052322365a1 (diff)
download	qemu-13a5490536c5c260ad158d5b9672daebcd1d85d5.zip qemu-13a5490536c5c260ad158d5b9672daebcd1d85d5.tar.gz qemu-13a5490536c5c260ad158d5b9672daebcd1d85d5.tar.bz2

hw/scsi/spapr_vscsi: Prevent buffer overflow

Depending on the length of sense data, vscsi_send_rsp() can overrun the buffer size. Do not copy more than SRP_MAX_IU_DATA_LEN bytes, and assert that vscsi_send_iu() is always called with a size in range. Reported-by: Paolo Bonzini <pbonzini@redhat.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200305121253.19078-7-philmd@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

Diffstat (limited to 'hw/xenpv')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: