mii/qemu
1
0
Fork 0
mirror of https://github.com/mii443/qemu.git synced 2025-08-27 01:19:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ab139bf9d278e7ce4fe83d81a4a01b51c7d82091
qemu/hw/usb
History
Michael S. Tsirkin 15c35dfd92 usb: sanity check setup_index+setup_len in post_load 
CVE-2013-4541

s->setup_len and s->setup_index are fed into usb_packet_copy as
size/offset into s->data_buf, it's possible for invalid state to exploit
this to load arbitrary data.

setup_len and setup_index should be checked to make sure
they are not negative.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 9f8e9895c5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-07-20 22:05:55 -05:00
..
bus.c
usb: sanity check setup_index+setup_len in post_load
2014-07-20 22:05:55 -05:00
ccid-card-emulated.c
Add a 'name' parameter to qemu_thread_create
2014-03-09 21:09:38 +02:00
ccid-card-passthru.c
devices: Associate devices to their logical category
2013-07-29 10:37:09 -05:00
ccid.h
hw: move private headers to hw/ subdirectories.
2013-04-08 18:13:16 +02:00
combined-packet.c
usb: Fix iovec memleak on combined-packet free
2013-09-19 11:28:40 +02:00
core.c
usb: Add max_streams attribute to endpoint info
2013-11-26 09:21:17 +01:00
desc-msos.c
usb: add support for microsoft os descriptors
2014-01-16 12:59:59 +01:00
desc.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
desc.h
usb: add support for microsoft os descriptors
2014-01-16 12:59:59 +01:00
dev-audio.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
dev-bluetooth.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
dev-hid.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
dev-hub.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
dev-network.c
Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-3' into staging
2014-02-20 15:25:05 +00:00
dev-serial.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
dev-smartcard-reader.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
dev-storage.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
dev-uas.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
dev-wacom.c
usb: Remove magic constants from device bmAttributes
2014-02-18 15:39:12 +01:00
hcd-ehci-pci.c
qdev:pci: refactor PCIDevice to use generic "hotpluggable" property
2014-02-10 10:26:56 +02:00
hcd-ehci-sysbus.c
devices: Associate devices to their logical category
2013-07-29 10:37:09 -05:00
hcd-ehci.c
Merge remote-tracking branch 'kraxel/tags/pull-usb-1' into staging
2013-12-06 12:54:36 -08:00
hcd-ehci.h
trace: Remove trace.h from hw/usb/hcd-ehci.h (less dependencies)
2013-12-02 21:02:00 +04:00
hcd-musb.c
usb: Pass size to usb_bus_new()
2013-08-30 20:14:39 +02:00
hcd-ohci.c
hw/usb/hcd-ohci.c: Avoid shifting left into sign bit
2014-03-27 19:22:49 +04:00
hcd-uhci.c
uhci: invalidate queue on device address changes
2014-02-18 15:39:13 +01:00
hcd-xhci.c
xhci: use DPRINTF() instead of fprintf(stderr, ...)
2014-02-18 15:39:13 +01:00
host-legacy.c
qdev: Drop misleading qdev_free() function
2013-11-05 18:06:38 +01:00
host-libusb.c
qdev: Remove hex8/32/64 property types
2014-02-14 21:12:04 +01:00
host-stub.c
usb-host: remove usb_host_device_close
2013-02-19 12:30:05 +01:00
host.h
usb-host: move legacy cmd line bits
2013-02-19 12:30:05 +01:00
libhw.c
dma: eliminate DMAContext
2013-06-20 16:39:52 +02:00
Makefile.objs
usb: add support for microsoft os descriptors
2014-01-16 12:59:59 +01:00
quirks-ftdi-ids.h
usbredir: Add support for buffered bulk input (v2)
2013-01-08 10:56:58 +01:00
quirks-pl2303-ids.h
usbredir: Add support for buffered bulk input (v2)
2013-01-08 10:56:58 +01:00
quirks.c
usbredir: Add support for buffered bulk input (v2)
2013-01-08 10:56:58 +01:00
quirks.h
usbredir: Add support for buffered bulk input (v2)
2013-01-08 10:56:58 +01:00
redirect.c
aio / timers: Switch entire codebase to the new timer API
2013-08-22 19:14:24 +02:00