OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
64db6c70dc
qemu-e2k/hw/usb
History
Daniel P. Berrangé 375cb86d9f usb-mtp: fix bounds check for guest provided filename 
The ObjectInfo struct has a variable length array containing the UTF-16
encoded filename. The number of characters of trailing data is given by
the 'length' field in the struct and this must be validated against the
size of the data packet received from the guest.

Since the data is UTF-16, we must convert the byte count we have to a
character count before validating. This must take care to truncate if
a malicious guest sent an odd number of bytes.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Bandan Das <bsd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-04-16 20:43:39 +01:00
..
bus.c hw/usb/bus.c: Handle "no speed matched" case in usb_mask_to_str() 2019-04-01 08:53:44 +02:00
ccid-card-emulated.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
ccid-card-passthru.c
ccid.h
chipidea.c
combined-packet.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
core.c usb: remove unnecessary NULL device check from usb_ep_get() 2019-02-20 09:41:23 +01:00
desc-msos.c
desc.c
desc.h
dev-audio.c audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
dev-bluetooth.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
dev-hid.c usb: assign unique serial numbers to hid devices 2019-01-30 06:47:52 +01:00
dev-hub.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
dev-mtp.c usb-mtp: fix bounds check for guest provided filename 2019-04-16 20:43:39 +01:00
dev-network.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
dev-serial.c char: allow specifying a GMainContext at opening time 2019-02-13 14:23:39 +01:00
dev-smartcard-reader.c qdev: pass an Object * to qbus_set_hotplug_handler() 2019-02-17 21:54:02 +11:00
dev-storage.c
dev-uas.c
dev-wacom.c
hcd-ehci-pci.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-ehci-sysbus.c hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-ehci.c ehci: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-ehci.h hw/usb: Fix LGPL information in the file headers 2019-01-30 06:47:52 +01:00
hcd-musb.c usb: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-ohci.c ohci: don't die on ED_LINK_LIMIT overflow 2019-03-26 12:01:45 +01:00
hcd-uhci.c uhci: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-xhci-nec.c
hcd-xhci.c xhci: check device is not NULL before calling usb_ep_get() 2019-02-20 09:41:23 +01:00
hcd-xhci.h usb: implement XHCI underrun/overrun events 2019-01-30 06:47:52 +01:00
host-libusb.c Introduce new "no_guest_reset" parameter for usb-host device 2019-03-07 10:03:54 +01:00
host-stub.c
host.h
Kconfig scsi: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
libhw.c
Makefile.objs build: convert usb.mak to Kconfig 2019-03-07 21:45:53 +01:00
quirks-ftdi-ids.h
quirks-pl2303-ids.h
quirks.c
quirks.h
redirect.c usb: add device checks before redirector calls to usb_ep_get() 2019-02-20 09:41:23 +01:00
trace-events trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
tusb6010.c hw: Remove unused 'hw/devices.h' include 2019-03-07 22:16:11 +01:00
xen-usb.c xen: re-name XenDevice to XenLegacyDevice... 2019-01-14 13:45:40 +00:00