qemu-e2k/hw
Daniel P. Berrangé 375cb86d9f usb-mtp: fix bounds check for guest provided filename
The ObjectInfo struct has a variable length array containing the UTF-16
encoded filename. The number of characters of trailing data is given by
the 'length' field in the struct and this must be validated against the
size of the data packet received from the guest.

Since the data is UTF-16, we must convert the byte count we have to a
character count before validating. This must take care to truncate if
a malicious guest sent an odd number of bytes.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-04-16 20:43:39 +01:00
..
9pfs trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
acpi acpi: verify file entries in bios_linker_loader_add_pointer() 2019-04-02 11:49:14 -04:00
adc
alpha * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
arm trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
audio Revert "audio: fix pc speaker init" 2019-04-01 08:53:40 +02:00
block xen-block: scale sector based quantities correctly 2019-04-04 18:00:07 +01:00
bt
char * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
core Machine queue, 2019-03-11 2019-03-12 15:25:46 +00:00
cpu
cris cris-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
display * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
dma trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
gpio Pull request 2019-03-25 17:01:10 +00:00
hppa * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
hyperv hyperv: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
i2c trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
i386 hw/i386/pc: Fix crash when hot-plugging nvdimm on older machine types 2019-04-09 18:34:21 +02:00
ide trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
input trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
intc * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
ipack build: convert pci.mak to Kconfig 2019-03-07 21:45:53 +01:00
ipmi ipmi: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
isa * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
lm32 pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
m68k m68k-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
mem trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
microblaze pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
mips pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
misc * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
moxie moxie-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
net virtio-net: Fix typo in comment 2019-04-02 11:49:14 -04:00
nios2 nios2-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
nvram trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
openrisc or1k-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
pci pci: Allow PCI bus subtypes to support extended config space accesses 2019-04-09 09:14:47 +10:00
pci-bridge kconfig: add dependencies on CONFIG_MSI_NONBROKEN 2019-03-18 09:39:57 +01:00
pci-host * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
pcmcia
ppc spapr_pci: Fix broken naming of PCI bus 2019-04-12 12:23:02 +10:00
rdma * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
riscv riscv: plic: Log guest errors 2019-04-04 16:36:21 -07:00
s390x hw/s390x/3270-ccw: avoid taking address of fields in packed struct 2019-04-03 11:19:57 +02:00
scsi trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
sd trace-events: Delete unused trace points 2019-03-22 16:18:07 +00:00
sh4 hw/sh4/Kconfig: r2d machine requires the rtl8139 network card 2019-03-20 11:44:13 +01:00
smbios
sparc trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
sparc64 * Kconfig improvements (msi_nonbroken, imply for default PCI devices) 2019-03-28 09:18:53 +00:00
ssi ssi: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
timer trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
tpm trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
tricore - qtest fixes 2019-03-08 16:31:34 +00:00
unicore32 unicore32-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
usb usb-mtp: fix bounds check for guest provided filename 2019-04-16 20:43:39 +01:00
vfio hw/vfio/ccw: avoid taking address members in packed structs 2019-04-03 11:19:57 +02:00
virtio trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
watchdog trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
xen trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
xenpv
xtensa hw: Use PFLASH_CFI0{1,2} and TYPE_PFLASH_CFI0{1,2} 2019-03-11 22:53:44 +01:00
Kconfig kconfig: add dependencies on CONFIG_MSI_NONBROKEN 2019-03-18 09:39:57 +01:00
Makefile.objs i2c: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00