]> xenbits.xensource.com Git - qemu-upstream-4.2-testing.git/commit
projects / qemu-upstream-4.2-testing.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2c25446) | patch
scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]
authorAsias He <asias@redhat.com>
Wed, 4 Mar 2015 16:24:34 +0000 (16:24 +0000)
committerStefano Stabellini <stefano.stabellini@eu.citrix.com>
Wed, 4 Mar 2015 16:24:34 +0000 (16:24 +0000)
commitb1a58443260fdd2a1a50f673905f76bfbfddf72b
treea39f1d280a379cd35e567db26432d15a04371928tree
parent2c254462b6731954745aa0bc54235a9dc1c53226commit | diff
scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]

r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.

To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
hw/scsi-bus.c diff | blob | history
hw/scsi.h diff | blob | history
Obsolete Upstream Qemu based repository for xen-unstable