xemu-project/xemu
1
0
Fork 0
mirror of https://github.com/xemu-project/xemu.git synced 2025-01-19 10:24:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
xemu/hw
History
Prasad J Pandit c98c6c105f esp: check command buffer length before write(CVE-2016-4439) 
The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
FIFO buffer. It is used to handle command and data transfer. While
writing to this command buffer 's->cmdbuf[TI_BUFSZ=16]', a check
was missing to validate input length. Add check to avoid OOB write
access.

Fixes CVE-2016-4439.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Cc: qemu-stable@nongnu.org
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1463654371-11169-2-git-send-email-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-23 16:53:45 +02:00
..
9pfs
9p: drop unused declaration from coth.h
2016-05-18 15:04:27 +03:00
acpi
acpi: do not use TARGET_PAGE_SIZE
2016-05-19 16:42:28 +02:00
alpha
alpha: include cpu-qom.h in files that require AlphaCPU
2016-05-19 16:42:27 +02:00
arm
machine: add properties to compat_props incrementaly
2016-05-20 14:28:54 -03:00
audio
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
block
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
bt
qemu-common: stop including qemu/host-utils.h from qemu-common.h
2016-05-19 16:42:28 +02:00
char
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
core
machine: add properties to compat_props incrementaly
2016-05-20 14:28:54 -03:00
cpu
explicitly include qom/cpu.h
2016-05-19 16:42:27 +02:00
cris
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
display
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
dma
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
gpio
hw: clean up hw/hw.h includes
2016-05-19 16:42:30 +02:00
i2c
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
i386
i386: kvmvapic: initialise imm32 variable
2016-05-23 16:53:43 +02:00
ide
atapi: Switch to byte-based block access
2016-05-12 15:22:09 +02:00
input
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
intc
ioapic: clear remote irr bit for edge-triggered interrupts
2016-05-23 16:53:43 +02:00
ipack
ipack: Update e-mail address
2016-05-18 15:04:27 +03:00
ipmi
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
isa
explicitly include qom/cpu.h
2016-05-19 16:42:27 +02:00
lm32
vl: Replace DT_NOGRAPHIC with machine option
2016-05-20 14:28:54 -03:00
m68k
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
mem
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
microblaze
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
mips
mips: use MIPSCPU instead of CPUMIPSState
2016-05-19 16:42:27 +02:00
misc
cpu: move exec-all.h inclusion out of cpu.h
2016-05-19 16:42:29 +02:00
moxie
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
net
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
nvram
vl: Replace DT_NOGRAPHIC with machine option
2016-05-20 14:28:54 -03:00
openrisc
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
pci
Fix some typos found by codespell
2016-05-18 15:04:27 +03:00
pci-bridge
hw/pci-bridge: Add missing unref in case register-bus fails
2016-04-07 19:57:33 +03:00
pci-host
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
pcmcia
hw: Clean up includes
2016-01-29 15:07:25 +00:00
ppc
machine: add properties to compat_props incrementaly
2016-05-20 14:28:54 -03:00
s390x
machine: add properties to compat_props incrementaly
2016-05-20 14:28:54 -03:00
scsi
esp: check command buffer length before write(CVE-2016-4439)
2016-05-23 16:53:45 +02:00
sd
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
sh4
cpu: move exec-all.h inclusion out of cpu.h
2016-05-19 16:42:29 +02:00
smbios
include/qemu/osdep.h: Don't include qapi/error.h
2016-03-22 22:20:15 +01:00
sparc
vl: Replace DT_NOGRAPHIC with machine option
2016-05-20 14:28:54 -03:00
sparc64
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
ssi
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
timer
aspeed: include qemu/log.h
2016-05-20 13:09:22 +01:00
tpm
tpm: Fix write to file descriptor function
2016-04-13 19:52:34 +03:00
tricore
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
unicore32
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
usb
usb: Support compilation without poll.h
2016-05-11 10:37:39 +02:00
vfio
explicitly include linux/kvm.h
2016-05-19 16:42:27 +02:00
virtio
qapi: Split visit_end_struct() into pieces
2016-05-12 09:47:55 +02:00
watchdog
hw: explicitly include qemu/log.h
2016-05-19 16:42:29 +02:00
xen
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
xenpv
xen: Clean up includes
2016-01-29 15:07:23 +00:00
xtensa
qemu-common: push cpu.h inclusion out of qemu-common.h
2016-05-19 16:42:29 +02:00
Makefile.objs
Add a base IPMI interface
2015-12-22 18:39:19 +02:00