OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
6ad978e9f4
qemu-e2k/hw/scsi
History
Prasad J Pandit 6c1fef6b59 esp: check dma length before reading scsi command(CVE-2016-4441) 
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
FIFO buffer. It is used to handle command and data transfer.
Routine get_cmd() uses DMA to read scsi commands into this buffer.
Add check to validate DMA length against buffer size to avoid any
overrun.

Fixes CVE-2016-4441.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1463654371-11169-3-git-send-email-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-23 16:53:46 +02:00
..
esp-pci.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
esp.c esp: check dma length before reading scsi command(CVE-2016-4441) 2016-05-23 16:53:46 +02:00
lsi53c895a.c
Makefile.objs hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
megasas.c
mfi.h
mpi.h hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
mptconfig.c mptsas: add missing va_end 2016-02-16 16:41:17 +01:00
mptendian.c hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
mptsas.c mptsas: fix wrong formula 2016-02-16 16:41:22 +01:00
mptsas.h hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
scsi-bus.c util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
scsi-disk.c scsi-disk: Switch to byte-based aio block access 2016-05-12 15:22:09 +02:00
scsi-generic.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
spapr_vscsi.c Fix some typos found by codespell 2016-05-18 15:04:27 +03:00
srp.h
vhost-scsi.c util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
viosrp.h
virtio-scsi-dataplane.c virtio: merge virtio_queue_aio_set_host_notifier_handler with virtio_queue_set_aio 2016-04-07 19:57:33 +03:00
virtio-scsi.c virtio-scsi: use aio handler for data plane 2016-04-07 19:57:33 +03:00
vmw_pvscsi.c Fix some typos found by codespell 2016-05-18 15:04:27 +03:00
vmw_pvscsi.h