Re: [Qemu-devel] [PATCH v5 17/24] ssi-sd: fix buffer overrun on invalid state load

2014-04-03 Thread Michael S. Tsirkin
On Thu, Apr 03, 2014 at 06:05:03PM +0100, Peter Maydell wrote:
> On 3 April 2014 17:52, Michael S. Tsirkin wrote:
> > CVE-2013-4537
> >
> > s->arglen is taken from wire and used as idx
> > in ssi_sd_transfer().
> >
> > Validate it before access.
> >
> > Signed-off-by: Michael S. Tsirkin
> > ---
>

Re: [Qemu-devel] [PATCH v5 17/24] ssi-sd: fix buffer overrun on invalid state load

2014-04-03 Thread Peter Maydell
On 3 April 2014 17:52, Michael S. Tsirkin wrote:
> CVE-2013-4537
>
> s->arglen is taken from wire and used as idx
> in ssi_sd_transfer().
>
> Validate it before access.
>
> Signed-off-by: Michael S. Tsirkin
> ---
> hw/sd/ssi-sd.c | 8
> 1 file changed, 8 insertions(+)
>
> diff --git a/h

[Qemu-devel] [PATCH v5 17/24] ssi-sd: fix buffer overrun on invalid state load

2014-04-03 Thread Michael S. Tsirkin
CVE-2013-4537

s->arglen is taken from wire and used as idx
in ssi_sd_transfer().

Validate it before access.

Signed-off-by: Michael S. Tsirkin
---
hw/sd/ssi-sd.c | 8
1 file changed, 8 insertions(+)

diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c
index 3273c8a..2fa2b2b 100644
--- a/hw/sd