qemu-e2k

History

Asias He 846424350b scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344] r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at most. If more than 256 luns are specified by user, we have buffer overflow in scsi_target_emulate_report_luns. To fix, we allocate the buffer dynamically. Signed-off-by: Asias He <asias@redhat.com> Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>	2013-10-09 17:24:18 +02:00
..
esp.h
scsi.h	scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]	2013-10-09 17:24:18 +02:00

Asias He 846424350b scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]

r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.

To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

2013-10-09 17:24:18 +02:00

esp.h

scsi.h

scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]

2013-10-09 17:24:18 +02:00