ide: atapi: check logical block address and read size (CVE-2020-29443) - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Prasad J Pandit	2021-01-18 12:51:30 +0100
committer	Paolo Bonzini	2021-01-23 15:26:40 +0100
commit	b8d7f1bc59276fec85e4d09f1567613a3e14d31e (patch)
tree	f1ab21d5110b354e6f6d50fc13025829d7bab30a /block/ssh.c
parent	softmmu/physmem: Silence GCC 10 maybe-uninitialized error (diff)
download	qemu-b8d7f1bc59276fec85e4d09f1567613a3e14d31e.tar.gz qemu-b8d7f1bc59276fec85e4d09f1567613a3e14d31e.tar.xz qemu-b8d7f1bc59276fec85e4d09f1567613a3e14d31e.zip

ide: atapi: check logical block address and read size (CVE-2020-29443)

While processing ATAPI cmd_read/cmd_read_cd commands, Logical Block Address (LBA) maybe invalid OR closer to the last block, leading to an OOB access issues. Add range check to avoid it. Fixes: CVE-2020-29443 Reported-by: Wenxiang Qian <leonwxqian@gmail.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <20210118115130.457044-1-ppandit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'block/ssh.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: