]> xenbits.xensource.com Git - qemu-upstream-4.3-testing.git/commit
projects / qemu-upstream-4.3-testing.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2ee7534) | patch
scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]
authorAsias He <asias@redhat.com>
Wed, 4 Mar 2015 16:22:18 +0000 (16:22 +0000)
committerStefano Stabellini <stefano.stabellini@eu.citrix.com>
Wed, 4 Mar 2015 16:22:18 +0000 (16:22 +0000)
commit9b3d3a82d60e3834d7718508ae85cc7fe525ef14
tree27594b1f1106558c25b87bfcf746e1aa480f3a31tree
parent2ee75346e69ec5ab5f36c90e2e2aa8e8bfd3c7dccommit | diff
scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]

r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.

To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
hw/scsi-bus.c diff | blob | history
hw/scsi.h diff | blob | history
Obsolete Upstream Qemu based repository for xen-unstable