a890a2f913
Malformed input can have config_len in migration stream exceed the array size allocated on destination, the result will be heap overflow. To fix, that config_len matches on both sides. CVE-2014-0182 Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com> -- v2: use %ix and %zx to print config_len values Signed-off-by: Juan Quintela <quintela@redhat.com> |
||
---|---|---|
.. | ||
dataplane | ||
Makefile.objs | ||
vhost.c | ||
virtio-balloon.c | ||
virtio-bus.c | ||
virtio-mmio.c | ||
virtio-pci.c | ||
virtio-pci.h | ||
virtio-rng.c | ||
virtio.c |