qemu-e2k/hw/scsi
Asias He 846424350b scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.

To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-09 17:24:18 +02:00
..
esp-pci.c scsi: Pass size to scsi_bus_new() 2013-08-30 20:14:39 +02:00
esp.c scsi: Pass size to scsi_bus_new() 2013-08-30 20:14:39 +02:00
lsi53c895a.c lsi: add 53C810 variant 2013-09-16 12:42:40 +02:00
Makefile.objs
megasas.c scsi: Pass size to scsi_bus_new() 2013-08-30 20:14:39 +02:00
mfi.h
scsi-bus.c scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344] 2013-10-09 17:24:18 +02:00
scsi-disk.c
scsi-generic.c
spapr_vscsi.c spapr-vscsi: Report error on unsupported MAD requests 2013-09-12 13:15:54 +02:00
srp.h spapr-vscsi: add task management 2013-09-12 08:46:21 +02:00
vhost-scsi.c
viosrp.h
virtio-scsi.c virtio-scsi: Make type virtio-scsi-common abstract 2013-09-12 08:46:21 +02:00
vmw_pvscsi.c scsi: Pass size to scsi_bus_new() 2013-08-30 20:14:39 +02:00
vmw_pvscsi.h