qemu/usb at stable-5.0 - qemu - Gitea: Git with a cup of tea

mii/qemu

mirror of https://github.com/mii443/qemu.git synced 2025-08-22 23:25:48 +00:00

Files

History

Gerd Hoffmann f243bb4b0d usb: fix setup_len init (CVE-2020-14364)

Store calculated setup_len in a local variable, verify it, and only
write it to the struct (USBDevice->setup_len) in case it passed the
sanity checks.

This prevents other code (do_token_{in,out} functions specifically)
from working with invalid USBDevice->setup_len values and overrunning
the USBDevice->setup_buf[] buffer.

Fixes: CVE-2020-14364
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Message-id: 20200825053636.29648-1-kraxel@redhat.com
(cherry picked from commit b946434f26)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

2020-09-09 18:51:39 -05:00

..

bus.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

ccid-card-emulated.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

ccid-card-passthru.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

ccid.h

Include hw/qdev-properties.h less

2019-08-16 13:31:53 +02:00

chipidea.c

Include qemu/module.h where needed, drop it from qemu-common.h

2019-06-12 13:18:33 +02:00

combined-packet.c

Include qemu-common.h exactly where needed

2019-06-12 13:20:20 +02:00

core.c

usb: fix setup_len init (CVE-2020-14364)

2020-09-09 18:51:39 -05:00

desc-msos.c

usb: use local path for local headers

2018-06-01 19:20:38 +03:00

desc.c

usb: use local path for local headers

2018-06-01 19:20:38 +03:00

desc.h

all: Clean up includes

2016-02-23 12:43:05 +00:00

dev-audio.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

dev-hid.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

dev-hub.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

dev-mtp.c

usb/dev-mtp: Fix Error double free after inotify failure

2020-09-02 19:06:19 -05:00

dev-network.c

misc: Replace zero-length arrays with flexible array member (automatic)

2020-03-16 22:07:42 +01:00

dev-serial.c

usb-serial: Fix timeout closing the device

2020-03-17 09:05:34 +01:00

dev-smartcard-reader.c

misc: Replace zero-length arrays with flexible array member (automatic)

2020-03-16 22:07:42 +01:00

dev-storage.c

usb/dev-storage: remove unused include

2020-03-09 18:05:19 +00:00

dev-uas.c

uas: fix super speed bMaxPacketSize0

2020-02-12 17:20:41 +01:00

dev-wacom.c

Include hw/hw.h exactly where needed

2019-08-16 13:31:52 +02:00

hcd-ehci-pci.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

hcd-ehci-sysbus.c

hw/arm/allwinner-h3: add USB host controller

2020-03-12 16:27:33 +00:00

hcd-ehci.c

usb/hcd-ehci: Remove redundant statements

2020-03-09 11:12:55 +01:00

hcd-ehci.h

hw/arm/allwinner-h3: add USB host controller

2020-03-12 16:27:33 +00:00

hcd-musb.c

Include qemu-common.h exactly where needed

2019-06-12 13:20:20 +02:00

hcd-ohci-pci.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

hcd-ohci.c

hw: usb: hcd-ohci: Move OHCISysBusState and TYPE_SYSBUS_OHCI to include file

2020-02-21 16:07:02 +00:00

hcd-ohci.h

hw: usb: hcd-ohci: Move OHCISysBusState and TYPE_SYSBUS_OHCI to include file

2020-02-21 16:07:02 +00:00

hcd-uhci.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

hcd-xhci-nec.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

hcd-xhci.c

xhci: fix valid.max_access_size to access address registers

2020-08-27 00:03:16 -05:00

hcd-xhci.h

Supply missing header guards

2019-06-12 13:20:21 +02:00

host-libusb.c

usb-host: wait for cancel complete

2020-02-12 17:20:31 +01:00

host-stub.c

Include qemu-common.h exactly where needed

2019-06-12 13:20:20 +02:00

host.h

usb-host: move legacy cmd line bits

2013-02-19 12:30:05 +01:00

imx-usb-phy.c

hw/usb: Add basic i.MX USB Phy support

2020-03-17 11:23:14 +00:00

Kconfig

hw/usb: Add basic i.MX USB Phy support

2020-03-17 11:23:14 +00:00

libhw.c

Include hw/hw.h exactly where needed

2019-08-16 13:31:52 +02:00

Makefile.objs

hw/usb: Add basic i.MX USB Phy support

2020-03-17 11:23:14 +00:00

quirks-ftdi-ids.h

usbredir: Add support for buffered bulk input (v2)

2013-01-08 10:56:58 +01:00

quirks-pl2303-ids.h

usbredir: Add support for buffered bulk input (v2)

2013-01-08 10:56:58 +01:00

quirks.c

hw/usb/quirks: Use smaller types to reduce .rodata by 10KiB

2020-03-16 23:02:25 +01:00

quirks.h

hw/usb/quirks: Use smaller types to reduce .rodata by 10KiB

2020-03-16 23:02:25 +01:00

redirect.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

trace-events

usb-host: remove 'remote wakeup' flag from configuration descriptor

2020-01-13 09:17:31 +01:00

tusb6010.c

Include hw/hw.h exactly where needed

2019-08-16 13:31:52 +02:00

xen-usb.c

hw/usb/xen-usb.c: Pass struct usbback_req* to usbback_packet_complete()

2020-04-07 16:13:26 +01:00