Paolo Bonzini c170aad8b0 scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158) ... This is a guest-triggerable buffer overflow present in QEMU 2.2.0 and newer. scsi_cdb_length returns -1 as an error value, but the caller does not check it. Luckily, the massive overflow means that QEMU will just SIGSEGV, making the impact much smaller. Reported-by: Zhu Donghai (朱东海) <donghai.zdh@alibaba-inc.com> Fixes: 1894df0281 Reviewed-by: Fam Zheng <famz@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>		2015-07-24 13:57:44 +02:00
..
esp-pci.c	scsi: Convert remaining PCI HBAs to realize()	2015-03-10 11:18:23 +01:00
esp.c	esp: Do not overwrite ESP_TCHI after reset	2014-11-12 10:27:03 +01:00
lsi53c895a.c	scsi: Convert remaining PCI HBAs to realize()	2015-03-10 11:18:23 +01:00
Makefile.objs	virtio-scsi-dataplane: Code to run virtio-scsi on iothread	2014-09-30 11:11:20 +02:00
megasas.c	pci: Don't register a specialized 'config_write' if default behavior is intended	2015-06-19 12:17:49 +02:00
mfi.h	megasas: add MegaRAID SAS 2108 emulation	2014-10-31 11:29:00 +01:00
scsi-bus.c	scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)	2015-07-24 13:57:44 +02:00
scsi-disk.c	scsi-hd: fix property unset case	2015-03-10 14:02:24 +01:00
scsi-generic.c	scsi: Drop superfluous conditionals around g_free()	2014-12-15 12:21:02 +01:00
spapr_vscsi.c	spapr_vio: Convert to realize()	2015-03-09 15:00:07 +01:00
srp.h	spapr-vscsi: add task management	2013-09-12 08:46:21 +02:00
vhost-scsi.c	qerror: Move #include out of qerror.h	2015-06-22 18:20:40 +02:00
viosrp.h
virtio-scsi-dataplane.c	virtio-scsi-dataplane: fix memory leak for VirtIOSCSIVring	2015-03-26 14:23:16 +01:00
virtio-scsi.c	virtio-scsi: move qdev properties into virtio-scsi.c	2015-06-10 18:15:34 +02:00
vmw_pvscsi.c	pci: Don't register a specialized 'config_write' if default behavior is intended	2015-06-19 12:17:49 +02:00
vmw_pvscsi.h	scsi: VMWare PVSCSI paravirtual device implementation	2013-04-19 10:44:17 +02:00