OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
4a92a558f4
qemu-e2k/hw/ide
History
Michael S. Tsirkin ae2158ad6c ahci: fix buffer overrun on invalid state load 
CVE-2013-4526

Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded.  So
we use the old version of ports to read the array but then allow any
value for ports.  This can cause the code to overflow.

There's no reason to migrate ports - it never changes.
So just make sure it matches.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
..
ahci.c ahci: fix buffer overrun on invalid state load 2014-05-05 22:15:02 +02:00
ahci.h hw/ide/ahci.h: Avoid shifting left into sign bit 2014-03-07 11:29:21 +01:00
atapi.c bswap.h: Remove cpu_to_be16wu() 2013-11-05 19:57:47 -08:00
cmd646.c hw: set interrupts using pci irq wrappers 2013-10-14 17:11:45 +03:00
core.c ide: Correct improper smart self test counter reset in ide core. 2014-04-14 13:23:53 +01:00
ich.c hw: set interrupts using pci irq wrappers 2013-10-14 17:11:45 +03:00
internal.h ide: Drop ide_init2_with_non_qdev_drives() 2013-11-05 18:06:52 +01:00
isa.c qdev: Remove hex8/32/64 property types 2014-02-14 21:12:04 +01:00
macio.c
Makefile.objs
microdrive.c microdrive: Coding Style cleanups 2013-11-05 18:06:52 +01:00
mmio.c
pci.c hw/ide: Add missing 'static' attributes 2014-03-27 19:22:48 +04:00
pci.h
piix.c Call pci_piix3_xen_ide_unplug from unplug_disks 2014-02-20 17:28:08 +00:00
qdev.c qdev: Remove hex8/32/64 property types 2014-02-14 21:12:04 +01:00
via.c vt82c686: Clean up use of cannot_instantiate_with_device_add_yet 2013-12-23 00:27:23 +01:00