esp: check dma length before reading scsi command(CVE-2016-4441) - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Prasad J Pandit	2016-05-19 12:39:31 +0200
committer	Paolo Bonzini	2016-05-23 16:53:46 +0200
commit	6c1fef6b59563cc415f21e03f81539ed4b33ad90 (patch)
tree	087a2fd35b82e4c7157742af6cda74f083c445be /scripts
parent	esp: check command buffer length before write(CVE-2016-4439) (diff)
download	qemu-6c1fef6b59563cc415f21e03f81539ed4b33ad90.tar.gz qemu-6c1fef6b59563cc415f21e03f81539ed4b33ad90.tar.xz qemu-6c1fef6b59563cc415f21e03f81539ed4b33ad90.zip

esp: check dma length before reading scsi command(CVE-2016-4441)

The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte FIFO buffer. It is used to handle command and data transfer. Routine get_cmd() uses DMA to read scsi commands into this buffer. Add check to validate DMA length against buffer size to avoid any overrun. Fixes CVE-2016-4441. Reported-by: Li Qiang <liqiang6-s@360.cn> Cc: qemu-stable@nongnu.org Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <1463654371-11169-3-git-send-email-ppandit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: