xemu/hw/intc
Michael Roth 609f5bf6fe openpic: avoid buffer overrun on incoming migration
CVE-2013-4534

opp->nb_cpus is read from the wire and used to determine how many
IRQDest elements to read into opp->dst[]. If the value exceeds the
length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary
data from the wire.

Fix this by failing migration if the value read from the wire exceeds
MAX_CPU.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 73d963c0a7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-06-26 14:18:27 -05:00
Makefile.objs xics-kvm: Support for in-kernel XICS interrupt controller 2013-10-25 23:25:47 +02:00
apic.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
apic_common.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
arm_gic.c arm_gic: QOM cast cleanup 2013-07-29 21:06:57 +02:00
arm_gic_common.c arm_gic: Extract headers hw/intc/arm_gic{,_common}.h 2013-11-05 17:47:29 +01:00
arm_gic_kvm.c hw/i*: pass owner to memory_region_init* functions 2013-07-04 17:42:48 +02:00
armv7m_nvic.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
etraxfs_pic.c etraxfs_pic: QOM cast cleanup 2013-07-29 21:06:57 +02:00
exynos4210_combiner.c hw/intc/exynos4210_combiner: Don't overrun output_irq array in init 2014-02-27 09:38:08 -06:00
exynos4210_gic.c exynos4210_gic: QOM cast cleanup for exynos4210.irq_gate 2013-07-29 21:06:57 +02:00
gic_internal.h hw/intc/arm_gic: Fix GIC_SET_LEVEL 2014-02-27 09:38:42 -06:00
grlib_irqmp.c grlib_irqmp: QOM cast cleanup 2013-07-29 21:06:57 +02:00
heathrow_pic.c memory: add owner argument to initialization functions 2013-07-04 17:42:44 +02:00
i8259.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
i8259_common.c isa: QOM'ify ISADevice 2013-06-07 14:55:33 +02:00
imx_avic.c imx_avic: QOM cast cleanup 2013-07-29 21:06:05 +02:00
ioapic.c ioapic: QOM cast cleanup 2013-07-29 21:07:02 +02:00
ioapic_common.c ioapic: Use QOM realize for ioapic 2013-07-23 00:37:35 +02:00
lm32_pic.c lm32_pic: QOM cast cleanup 2013-07-29 21:06:57 +02:00
omap_intc.c omap_intc: QOM'ify omap-intc and omap2-intc 2013-07-29 21:06:58 +02:00
openpic.c openpic: avoid buffer overrun on incoming migration 2014-06-26 14:18:27 -05:00
openpic_kvm.c hw/i*: pass owner to memory_region_init* functions 2013-07-04 17:42:48 +02:00
pl190.c pl190: QOM cast cleanup 2013-07-29 21:06:58 +02:00
puv3_intc.c puv3_intc: QOM cast cleanup 2013-07-29 21:06:58 +02:00
realview_gic.c realview_gic: Prepare for QOM embedding 2013-11-05 17:47:30 +01:00
sh_intc.c cpu: Make first_cpu and next_cpu CPUState 2013-07-09 21:32:54 +02:00
slavio_intctl.c slavio_intctl: QOM cast cleanup 2013-07-29 21:06:58 +02:00
xics.c xics: Implement H_XIRR_X 2013-10-25 23:25:47 +02:00
xics_kvm.c xics-kvm: enable irqfd for MSI 2013-10-25 23:25:47 +02:00
xilinx_intc.c xilinx_intc: QOM cast cleanup 2013-07-29 21:06:58 +02:00