qemu/include/hw/scsi at 4fe822e075d6befa3714f7066158678e92cedb8b - system/qemu

mirror of https://gitlab.com/qemu-project/qemu synced 2024-10-07 19:49:59 +00:00

History

Asias He 846424350b scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344] r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at most. If more than 256 luns are specified by user, we have buffer overflow in scsi_target_emulate_report_luns. To fix, we allocate the buffer dynamically. Signed-off-by: Asias He <asias@redhat.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>	2013-10-09 17:24:18 +02:00
..
esp.h	hw: move headers to include/	2013-04-08 18:13:10 +02:00
scsi.h	scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]	2013-10-09 17:24:18 +02:00

Asias He 846424350b scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]

r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.

To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

2013-10-09 17:24:18 +02:00

esp.h

hw: move headers to include/

2013-04-08 18:13:10 +02:00

scsi.h

scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]

2013-10-09 17:24:18 +02:00