Michael S. Tsirkin 95d9149ed3 ssi-sd: fix buffer overrun on invalid state load ...

CVE-2013-4537

s->arglen is taken from wire and used as idx
in ssi_sd_transfer().

Validate it before access.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit a9c380db3b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

2014-07-20 22:05:55 -05:00

..

Makefile.objs

hw: move SD/MMC devices to hw/sd/, configure with default-configs/

2013-04-08 18:13:14 +02:00

milkymist-memcard.c

blockdev: Remove IF_* check for read-only blockdev_init

2013-10-11 16:50:01 +02:00

omap_mmc.c

blockdev: Remove IF_* check for read-only blockdev_init

2013-10-11 16:50:01 +02:00

pl181.c

sysbus: Set cannot_instantiate_with_device_add_yet

2013-12-23 00:27:22 +01:00

pxa2xx_mmci.c

blockdev: Remove IF_* check for read-only blockdev_init

2013-10-11 16:50:01 +02:00

sd.c

sd: Avoid access to NULL BlockDriverState

2013-10-17 10:15:18 +02:00

sdhci.c

Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging

2014-02-20 13:05:48 +00:00

sdhci.h

hw: move private headers to hw/ subdirectories.

2013-04-08 18:13:16 +02:00

ssi-sd.c

ssi-sd: fix buffer overrun on invalid state load

2014-07-20 22:05:55 -05:00