xemu/hw/arm
Michael S. Tsirkin d92a7683e8 pxa2xx: avoid buffer overrun on incoming migration
CVE-2013-4533

s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.

Fix this by validating rx_level against the size of s->rx_fifo.

Cc: Don Koch <dkoch@verizon.com>
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit caa881abe0)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-06-26 14:19:05 -05:00
Makefile.objs hw/arm/pic_cpu: Remove the now-unneeded arm_pic_init_cpu() 2013-08-20 14:54:31 +01:00
armv7m.c armv7m: Don't enforce use of kernel for qtest 2013-11-05 17:47:29 +01:00
boot.c hw/arm/boot: Make user not specifying a kernel not an error 2013-10-31 14:00:16 +01:00
collie.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
exynos4_boards.c exynos4_boards: Silence lack of -smp 2 warning for qtest 2013-11-05 17:47:29 +01:00
exynos4210.c hw/arm/exynos4210: Don't use arm_pic_init_cpu() 2013-08-20 14:54:28 +01:00
gumstix.c gumstix: Don't enforce use of -pflash for qtest 2013-11-05 17:47:28 +01:00
highbank.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
integratorcp.c integrator: fix Linux boot failure by emulating dbg region 2013-10-31 14:00:16 +01:00
kzm.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
mainstone.c mainstone: Fix duplicate array values for key 'space' 2014-02-21 00:34:40 -06:00
musicpal.c hw/arm/musicpal: Remove nonexistent CDTP2, CDTP3 registers 2014-02-27 09:38:31 -06:00
nseries.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
omap1.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
omap2.c hw/arm/omap*: Don't use arm_pic_init_cpu() 2013-08-20 14:54:29 +01:00
omap_sx1.c omap_sx1: Don't enforce use of kernel or flash for qtest 2013-11-05 17:47:29 +01:00
palm.c palm: Don't enforce loading ROM or kernel for qtest 2013-11-05 17:47:29 +01:00
pxa2xx.c pxa2xx: avoid buffer overrun on incoming migration 2014-06-26 14:19:05 -05:00
pxa2xx_gpio.c pxa2xx_gpio: QOM cast cleanup for PXA2xxGPIOInfo 2013-07-29 21:06:26 +02:00
pxa2xx_pic.c pxa2xx_pic: QOM cast cleanup for PXA2xxPICState 2013-07-29 21:06:26 +02:00
realview.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
spitz.c pc,pci,virtio fixes and cleanups 2013-09-03 12:31:07 -05:00
stellaris.c pc,pci,virtio fixes and cleanups 2013-09-03 12:31:07 -05:00
strongarm.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
strongarm.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
tosa.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
versatilepb.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
vexpress.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
xilinx_zynq.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00
z2.c z2: Don't enforce use of -pflash for qtest 2013-11-05 17:47:28 +01:00