hw/pci/pcie_aer.c: fix buffer overruns on invalid state load - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Michael S. Tsirkin	2014-04-03 18:51:31 +0200
committer	Juan Quintela	2014-05-05 22:15:02 +0200
commit	5f691ff91d323b6f97c6600405a7f9dc115a0ad1 (patch)
tree	b74c3b71e045d1fda8480300959fcb6689400f92 /linux-headers
parent	hpet: fix buffer overrun on invalid state load (diff)
download	qemu-5f691ff91d323b6f97c6600405a7f9dc115a0ad1.tar.gz qemu-5f691ff91d323b6f97c6600405a7f9dc115a0ad1.tar.xz qemu-5f691ff91d323b6f97c6600405a7f9dc115a0ad1.zip

hw/pci/pcie_aer.c: fix buffer overruns on invalid state load

4) CVE-2013-4529 hw/pci/pcie_aer.c pcie aer log can overrun the buffer if log_num is too large There are two issues in this file: 1. log_max from remote can be larger than on local then buffer will overrun with data coming from state file. 2. log_num can be larger then we get data corruption again with an overflow but not adversary controlled. Fix both issues. Reported-by: Anthony Liguori <anthony@codemonkey.ws> Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>

Diffstat (limited to 'linux-headers')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: