qemu-e2k/hw/scsi
Asias He 846424350b scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344]
r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
most. If more than 256 luns are specified by user, we have buffer
overflow in scsi_target_emulate_report_luns.

To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Tested-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-10-09 17:24:18 +02:00
..
esp-pci.c scsi: Pass size to scsi_bus_new() 2013-08-30 20:14:39 +02:00
esp.c scsi: Pass size to scsi_bus_new() 2013-08-30 20:14:39 +02:00
lsi53c895a.c lsi: add 53C810 variant 2013-09-16 12:42:40 +02:00
Makefile.objs vhost-scsi: new device supporting the tcm_vhost Linux kernel module 2013-04-19 16:18:11 +02:00
megasas.c scsi: Pass size to scsi_bus_new() 2013-08-30 20:14:39 +02:00
mfi.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
scsi-bus.c scsi: Allocate SCSITargetReq r->buf dynamically [CVE-2013-4344] 2013-10-09 17:24:18 +02:00
scsi-disk.c scsi-disk: scsi-block device for scsi pass-through should not be removable 2013-06-18 12:43:03 +02:00
scsi-generic.c scsi-generic: check the return value of bdrv_aio_ioctl in execute_command 2013-06-18 12:43:03 +02:00
spapr_vscsi.c spapr-vscsi: Report error on unsupported MAD requests 2013-09-12 13:15:54 +02:00
srp.h spapr-vscsi: add task management 2013-09-12 08:46:21 +02:00
vhost-scsi.c devices: Associate devices to their logical category 2013-07-29 10:37:09 -05:00
viosrp.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
virtio-scsi.c virtio-scsi: Make type virtio-scsi-common abstract 2013-09-12 08:46:21 +02:00
vmw_pvscsi.c scsi: Pass size to scsi_bus_new() 2013-08-30 20:14:39 +02:00
vmw_pvscsi.h scsi: VMWare PVSCSI paravirtual device implementation 2013-04-19 10:44:17 +02:00