Michael S. Tsirkin 5f691ff91d hw/pci/pcie_aer.c: fix buffer overruns on invalid state load ...

4) CVE-2013-4529
hw/pci/pcie_aer.c    pcie aer log can overrun the buffer if log_num is
                     too large

There are two issues in this file:
1. log_max from remote can be larger than on local
then buffer will overrun with data coming from state file.
2. log_num can be larger then we get data corruption
again with an overflow but not adversary controlled.

Fix both issues.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

2014-05-05 22:15:02 +02:00

..

Makefile.objs

Makefile.target: CONFIG_NO_* variables removed

2013-10-16 18:21:00 +02:00

msi.c

exec: Make stl_*_phys input an AddressSpace

2014-02-11 22:57:18 +10:00

msix.c

exec: Make stl_*_phys input an AddressSpace

2014-02-11 22:57:18 +10:00

pci_bridge.c

Merge remote-tracking branch 'mst/tags/for_anthony' into staging

2014-01-10 11:04:48 -08:00

pci_host.c

hw/pci/pci_host.c: Avoid shifting left into sign bit

2014-03-27 19:22:49 +04:00

pci-hotplug-old.c

Use error_is_set() only when necessary

2014-02-17 11:57:23 -05:00

pci-stub.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

pci.c

pci: Fix clearing IRQs on reset

2014-03-31 19:53:34 +01:00

pcie_aer.c

hw/pci/pcie_aer.c: fix buffer overruns on invalid state load

2014-05-05 22:15:02 +02:00

pcie_host.c

pcie_host: expose address format

2013-10-14 17:48:51 +03:00

pcie_port.c

pci/pcie: convert PCIE hotplug to use hotplug-handler API

2014-02-10 10:27:00 +02:00

pcie.c

PCIE: fix regression with coldplugged multifunction device

2014-03-09 21:09:37 +02:00

shpc.c

pci/shpc: convert SHPC hotplug to use hotplug-handler API

2014-02-10 10:27:00 +02:00

slotid_cap.c

hw: move qdev-monitor.o to toplevel directory

2013-03-01 13:54:10 +01:00