]> Git Repo - qemu.git/commit - hw/arm/pxa2xx.c
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 36cf2a3) | patch
pxa2xx: avoid buffer overrun on incoming migration
authorMichael S. Tsirkin <[email protected]>
Thu, 3 Apr 2014 16:51:57 +0000 (19:51 +0300)
committerJuan Quintela <[email protected]>
Mon, 5 May 2014 20:15:02 +0000 (22:15 +0200)
commitcaa881abe0e01f9931125a0977ec33c5343e4aa7
tree6938ea78f83cc1373a55f59da1f69febbf96862ftree | snapshot
parent36cf2a37132c7f01fa9adb5f95f5312b27742fd4commit | diff
pxa2xx: avoid buffer overrun on incoming migration

CVE-2013-4533

s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.

Fix this by validating rx_level against the size of s->rx_fifo.

Cc: Don Koch <[email protected]>
Reported-by: Michael Roth <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Reviewed-by: Don Koch <[email protected]>
Signed-off-by: Juan Quintela <[email protected]>
hw/arm/pxa2xx.c diff | blob | blame | history
Empty description
This page took 0.023874 seconds and 4 git commands to generate.