qemu-e2k/hw
Prasad J Pandit fe3c546c5f usb: check RNDIS buffer offsets & length
When processing remote NDIS control message packets,
the USB Net device emulator uses a fixed length (4096) data buffer.
The incoming informationBufferOffset & Length combination could
overflow and cross that range. Check control message buffer
offsets and length to avoid it.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1455648821-17340-3-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-02-23 10:38:01 +01:00
9pfs
acpi
alpha
arm hw/arm/sysbus-fdt: remove qemu_fdt_setprop returned value check 2016-02-19 09:42:31 -07:00
audio ES1370: QOMify 2016-02-11 15:15:46 +03:00
block hw/block/nand.c: Include osdep.h first 2016-02-16 14:29:26 +00:00
bt
char
core
cpu
cris
display xen: Drop __XEN_LATEST_INTERFACE_VERSION__ checks from prior to Xen 4.2 2016-02-10 12:01:32 +00:00
dma etraxfs_dma: Don't forward zero-length payload to clients 2016-02-20 00:17:48 +01:00
gpio ARM: PL061: Cleaning field of PL061 device state 2016-02-18 14:26:33 +00:00
i2c
i386 xen: drop support for Xen 4.1 and older. 2016-02-10 12:01:16 +00:00
ide ahci: prohibit "restarting" the FIS or CLB engines 2016-02-10 13:29:40 -05:00
input cuda: port SET_DEVICE_LIST command to new framework 2016-02-17 09:59:30 +11:00
intc all: Clean up includes 2016-02-16 14:29:28 +00:00
ipack
ipmi ipmi: sensor number should not exceed MAX_SENSORS 2016-02-16 16:41:25 +01:00
isa
lm32
m68k
mem
microblaze
mips
misc cuda: remove CUDA_GET_SET_IIC/CUDA_COMBINED_FORMAT_IIC commands 2016-02-17 09:59:31 +11:00
moxie
net vhost-user interrupt management fixes 2016-02-18 16:13:56 +02:00
nvram hw: fix some debug message format strings 2016-02-17 09:59:29 +11:00
openrisc
pci pcie_aer: expose pcie_aer_msg() interface 2016-02-19 09:42:28 -07:00
pci-bridge aer: improve pcie_aer_init to support vfio device 2016-02-19 09:42:28 -07:00
pci-host vhost, virtio, pci, pxe 2016-02-19 10:50:37 +00:00
pcmcia
ppc hw/ppc/spapr: Halt CPU when powering off via RTAS call 2016-02-18 11:08:43 +11:00
s390x s390x: remove s390-zipl.rom 2016-02-11 15:15:47 +03:00
scsi mptsas: fix wrong formula 2016-02-16 16:41:22 +01:00
sd hw/sd: use guest error logging rather than fprintf to stderr 2016-02-18 14:50:50 +00:00
sh4
smbios
sparc
sparc64
ssi
timer tusb6010: move from hw/timer to hw/usb 2016-02-23 10:38:00 +01:00
tpm
tricore
unicore32
usb usb: check RNDIS buffer offsets & length 2016-02-23 10:38:01 +01:00
vfio vfio/pci: use PCI_MSIX_FLAGS on retrieving the MSIX entries 2016-02-19 09:42:32 -07:00
virtio vhost-user interrupt management fixes 2016-02-18 16:13:56 +02:00
watchdog
xen xen: drop XenXC and associated interface wrappers 2016-02-10 12:01:24 +00:00
xenpv
xtensa
Makefile.objs