]> Git Repo - qemu.git/commit
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fd28938) | patch
esp: check command buffer length before write(CVE-2016-4439)
authorPrasad J Pandit <[email protected]>
Thu, 19 May 2016 10:39:30 +0000 (16:09 +0530)
committerPaolo Bonzini <[email protected]>
Mon, 23 May 2016 14:53:45 +0000 (16:53 +0200)
commitc98c6c105f66f05aa0b7c1d2a4a3f716450907ef
treeabe4f75408dc950a553ca8e122198666cd7a7553tree | snapshot
parentfd28938b7adb33f8af11849cdd0d0b2fb92990e3commit | diff
esp: check command buffer length before write(CVE-2016-4439)

The 53C9X Fast SCSI Controller(FSC) comes with an internal 16-byte
FIFO buffer. It is used to handle command and data transfer. While
writing to this command buffer 's->cmdbuf[TI_BUFSZ=16]', a check
was missing to validate input length. Add check to avoid OOB write
access.

Fixes CVE-2016-4439.

Reported-by: Li Qiang <[email protected]>
Cc: [email protected]
Signed-off-by: Prasad J Pandit <[email protected]>
Message-Id: <1463654371[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
hw/scsi/esp.c diff | blob | blame | history
Empty description
This page took 0.026935 seconds and 4 git commands to generate.