fe9d8927e2
When a SCSI command is received from the guest, the CDB length implied by the first byte might exceed the number of bytes the guest sent. In this case scsi_req_new() will read uninitialized data, causing unpredictable behavior. Adds the buf_len parameter to scsi_req_new() and plumbs it through the call stack. Signed-off-by: John Millikin <john@john-millikin.com> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1127 Message-Id: <20220817053458.698416-1-john@john-millikin.com> [Fill in correct length for adapters other than ESP. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
|---|---|---|
| .. | ||
| bus.c | ||
| canokey.c | ||
| canokey.h | ||
| ccid-card-emulated.c | ||
| ccid-card-passthru.c | ||
| ccid.h | ||
| chipidea.c | ||
| combined-packet.c | ||
| core.c | ||
| desc-msos.c | ||
| desc.c | ||
| desc.h | ||
| dev-audio.c | ||
| dev-hid.c | ||
| dev-hub.c | ||
| dev-mtp.c | ||
| dev-network.c | ||
| dev-serial.c | ||
| dev-smartcard-reader.c | ||
| dev-storage-bot.c | ||
| dev-storage-classic.c | ||
| dev-storage.c | ||
| dev-uas.c | ||
| dev-wacom.c | ||
| hcd-dwc2.c | ||
| hcd-dwc2.h | ||
| hcd-dwc3.c | ||
| hcd-ehci-pci.c | ||
| hcd-ehci-sysbus.c | ||
| hcd-ehci.c | ||
| hcd-ehci.h | ||
| hcd-musb.c | ||
| hcd-ohci-pci.c | ||
| hcd-ohci.c | ||
| hcd-ohci.h | ||
| hcd-uhci.c | ||
| hcd-uhci.h | ||
| hcd-xhci-nec.c | ||
| hcd-xhci-pci.c | ||
| hcd-xhci-pci.h | ||
| hcd-xhci-sysbus.c | ||
| hcd-xhci-sysbus.h | ||
| hcd-xhci.c | ||
| hcd-xhci.h | ||
| host-libusb.c | ||
| host.h | ||
| imx-usb-phy.c | ||
| Kconfig | ||
| libhw.c | ||
| meson.build | ||
| pcap.c | ||
| quirks-ftdi-ids.h | ||
| quirks-pl2303-ids.h | ||
| quirks.c | ||
| quirks.h | ||
| redirect.c | ||
| trace-events | ||
| trace.h | ||
| tusb6010.c | ||
| u2f-emulated.c | ||
| u2f-passthru.c | ||
| u2f.c | ||
| u2f.h | ||
| vt82c686-uhci-pci.c | ||
| xen-usb.c | ||
| xlnx-usb-subsystem.c | ||
| xlnx-versal-usb2-ctrl-regs.c | ||