xenbits.xensource.com Git - qemu-upstream-4.2-testing.git/commit

]> xenbits.xensource.com Git - qemu-upstream-4.2-testing.git/commit

projects / qemu-upstream-4.2-testing.git / commit

author	Michael S. Tsirkin <mst@redhat.com>
	Wed, 4 Mar 2015 17:14:28 +0000 (17:14 +0000)
committer	Stefano Stabellini <stefano.stabellini@eu.citrix.com>
	Thu, 5 Mar 2015 13:22:12 +0000 (13:22 +0000)
commit	8911317f89b335e3370e14a79eeec6c25511c491
tree	6e9f887e810467becde93497c136109a58bd1230	tree
parent	8c9231f055e1f2a412a6e0aeef72f6b569c82cf8	commit \| diff

virtio: validate config_len on load

Malformed input can have config_len in migration stream
exceed the array size allocated on destination, the
result will be heap overflow.

To fix, that config_len matches on both sides.

CVE-2014-0182

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

hw/virtio.c

diff | blob | history

Obsolete Upstream Qemu based repository for xen-unstable

RSS Atom