qemu-e2k/hw/arm
Michael S. Tsirkin caa881abe0 pxa2xx: avoid buffer overrun on incoming migration
CVE-2013-4533

s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.

Fix this by validating rx_level against the size of s->rx_fifo.

Cc: Don Koch <dkoch@verizon.com>
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
allwinner-a10.c hw/arm/allwinner-a10: initialize EMAC 2014-02-08 14:50:48 +00:00
armv7m.c
boot.c target-arm: Load ELF images with the correct machine type for CPU 2014-03-24 16:41:10 +00:00
collie.c
cubieboard.c allwinner-a10-pit: implement prescaler and source selection 2014-04-17 21:34:06 +01:00
digic_boards.c hw/arm/digic: add NOR ROM support 2013-12-17 20:12:51 +00:00
digic.c
exynos4_boards.c
exynos4210.c exynos4210: Set reset-cbar property of Cortex-A9 CPUs 2014-03-17 16:31:46 +00:00
gumstix.c
highbank.c hw/arm/vexpress, hw/arm/highbank: Don't insist that CPU has reset-cbar property 2014-04-04 18:01:09 +01:00
integratorcp.c hw/arm: Stop specifying integratorcp as the default board 2014-03-27 14:00:53 +00:00
kzm.c
mainstone.c mainstone: Fix duplicate array values for key 'space' 2014-01-01 18:03:55 +04:00
Makefile.objs hw/arm: add cubieboard support 2013-12-17 20:12:51 +00:00
musicpal.c hw/arm/musicpal: Avoid shifting left into sign bit 2014-03-10 14:56:30 +00:00
nseries.c i2c: Rename i2c_bus to I2CBus 2014-02-14 16:22:31 +01:00
omap1.c hw/arm/omap1.c: Avoid shifting left into sign bit 2014-03-10 14:56:29 +00:00
omap2.c
omap_sx1.c
palm.c
pxa2xx_gpio.c pxa2xx: Don't shift into sign bit 2014-03-10 14:56:29 +00:00
pxa2xx_pic.c pxa2xx: Don't shift into sign bit 2014-03-10 14:56:29 +00:00
pxa2xx.c pxa2xx: avoid buffer overrun on incoming migration 2014-05-05 22:15:02 +02:00
realview.c realview-pbx-a9: Set reset-cbar property for CPUs 2014-03-17 16:31:45 +00:00
spitz.c ssi: Convert legacy SSI_SLAVE -> DEVICE casts 2014-03-12 20:13:02 +01:00
stellaris.c i2c: Rename i2c_bus to I2CBus 2014-02-14 16:22:31 +01:00
strongarm.c
strongarm.h
tosa.c tosa: QOM'ify DAC 2014-02-14 16:22:32 +01:00
versatilepb.c i2c: Rename i2c_bus to I2CBus 2014-02-14 16:22:31 +01:00
vexpress.c hw/arm/vexpress, hw/arm/highbank: Don't insist that CPU has reset-cbar property 2014-04-04 18:01:09 +01:00
virt.c hw/arm/virt: Add support for Cortex-A57 2014-05-01 15:25:52 +01:00
xilinx_zynq.c ZYNQ: Implement board MIDR control for Zynq 2014-01-31 14:47:33 +00:00
z2.c z2: QOM'ify AER915 2014-02-14 16:22:32 +01:00