Google Git
Sign in
fuchsia / third_party / qemu / 13a5490536c5c260ad158d5b9672daebcd1d85d5
commit13a5490536c5c260ad158d5b9672daebcd1d85d5[log] [tgz]
authorPhilippe Mathieu-Daudé <philmd@redhat.com>Thu Mar 05 13:12:52 2020 +0100
committerDavid Gibson <david@gibson.dropbear.id.au>Tue Mar 17 15:08:50 2020 +1100
treee56917f15045a9356aa437d94d980ffb2bf2699e
parentff78b728f6c9d2c274dab20114bfe052322365a1 [diff]
hw/scsi/spapr_vscsi: Prevent buffer overflow

Depending on the length of sense data, vscsi_send_rsp() can
overrun the buffer size.
Do not copy more than SRP_MAX_IU_DATA_LEN bytes, and assert
that vscsi_send_iu() is always called with a size in range.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200305121253.19078-7-philmd@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
1 file changed
tree: e56917f15045a9356aa437d94d980ffb2bf2699e
  1. .gitlab-ci.d/
  2. accel/
  3. audio/
  4. authz/
  5. backends/
  6. block/
  7. bsd-user/
  8. chardev/
  9. contrib/
  10. crypto/
  11. default-configs/
  12. disas/
  13. docs/
  14. dump/
  15. fpu/
  16. fsdev/
  17. gdb-xml/
  18. hw/
  19. include/
  20. io/
  21. libdecnumber/
  22. linux-headers/
  23. linux-user/
  24. migration/
  25. monitor/
  26. nbd/
  27. net/
  28. pc-bios/
  29. plugins/
  30. po/
  31. python/
  32. qapi/
  33. qga/
  34. qobject/
  35. qom/
  36. replay/
  37. roms/
  38. scripts/
  39. scsi/
  40. softmmu/
  41. storage-daemon/
  42. stubs/
  43. target/
  44. tcg/
  45. tests/
  46. tools/
  47. trace/
  48. ui/
  49. util/
  50. capstone
  51. dtc
  52. slirp
  53. .cirrus.yml
  54. .dir-locals.el
  55. .editorconfig
  56. .exrc
  57. .gdbinit
  58. .gitignore
  59. .gitlab-ci-edk2.yml
  60. .gitlab-ci.yml
  61. .gitmodules
  62. .gitpublish
  63. .mailmap
  64. .patchew.yml
  65. .readthedocs.yml
  66. .shippable.yml
  67. .travis.yml
  68. arch_init.c
  69. balloon.c
  70. block.c
  71. blockdev-nbd.c
  72. blockdev.c
  73. blockjob.c
  74. bootdevice.c
  75. Changelog
  76. CODING_STYLE.rst
  77. configure
  78. COPYING
  79. COPYING.LIB
  80. cpus-common.c
  81. cpus.c
  82. device_tree.c
  83. disas.c
  84. dma-helpers.c
  85. exec-vary.c
  86. exec.c
  87. gdbstub.c
  88. gitdm.config
  89. hmp-commands-info.hx
  90. hmp-commands.hx
  91. ioport.c
  92. iothread.c
  93. job-qmp.c
  94. job.c
  95. Kconfig.host
  96. LICENSE
  97. MAINTAINERS
  98. Makefile
  99. Makefile.objs
  100. Makefile.target
  101. memory.c
  102. memory_ldst.inc.c
  103. memory_mapping.c
  104. module-common.c
  105. os-posix.c
  106. os-win32.c
  107. qdev-monitor.c
  108. qemu-bridge-helper.c
  109. qemu-edid.c
  110. qemu-img-cmds.hx
  111. qemu-img.c
  112. qemu-io-cmds.c
  113. qemu-io.c
  114. qemu-keymap.c
  115. qemu-nbd.c
  116. qemu-options-wrapper.h
  117. qemu-options.h
  118. qemu-options.hx
  119. qemu-seccomp.c
  120. qemu-storage-daemon.c
  121. qemu.nsi
  122. qemu.sasl
  123. qtest.c
  124. README.rst
  125. replication.c
  126. replication.h
  127. rules.mak
  128. thunk.c
  129. tpm.c
  130. trace-events
  131. VERSION
  132. version.rc