xemu/hw/pci
Michael S. Tsirkin e83444f71e hw/pci/pcie_aer.c: fix buffer overruns on invalid state load
4) CVE-2013-4529
hw/pci/pcie_aer.c    pcie aer log can overrun the buffer if log_num is
                     too large

There are two issues in this file:
1. log_max from remote can be larger than on local
then buffer will overrun with data coming from state file.
2. log_num can be larger then we get data corruption
again with an overflow but not adversary controlled.

Fix both issues.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 5f691ff91d)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-06-26 14:01:51 -05:00
Makefile.objs Makefile.target: CONFIG_NO_* variables removed 2013-10-16 18:21:00 +02:00
msi.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
msix.c hw/p*: pass owner to memory_region_init* functions 2013-07-04 17:42:48 +02:00
pci-hotplug-old.c qdev: Drop misleading qdev_free() function 2013-11-05 18:06:38 +01:00
pci-stub.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
pci.c pci: unregister vmstate_pcibus on unplug 2013-11-21 16:25:08 +02:00
pci_bridge.c qdev: Drop misleading qdev_free() function 2013-11-05 18:06:38 +01:00
pci_host.c pci: add config space access traces 2013-08-28 10:11:23 +03:00
pcie.c qdev: Drop misleading qdev_free() function 2013-11-05 18:06:38 +01:00
pcie_aer.c hw/pci/pcie_aer.c: fix buffer overruns on invalid state load 2014-06-26 14:01:51 -05:00
pcie_host.c pcie_host: expose address format 2013-10-14 17:48:51 +03:00
pcie_port.c pcie_port: Turn PCIEPort and PCIESlot into abstract QOM types 2013-07-29 20:45:24 +02:00
shpc.c qdev: Drop misleading qdev_free() function 2013-11-05 18:06:38 +01:00
slotid_cap.c hw: move qdev-monitor.o to toplevel directory 2013-03-01 13:54:10 +01:00