Re: [Qemu-devel] [PATCH] Out off array access in usb-net
From: Gleb Natapov
Subject: Re: [Qemu-devel] [PATCH] Out off array access in usb-net
Date: Tue, 9 Nov 2010 11:39:01 +0200
On Tue, Nov 09, 2010 at 10:30:54AM +0100, Markus Armbruster wrote:
> Gleb Natapov <address@hidden> writes:
>
> > Properly check array bounds before accessing array element.
>
> Impact?
>
Gaping security hole for those unfortunate enough to use usb-net?
> Apply to stable as well?
>
Definitely. Actually for me Windows7 crashed when usb-net is present.
> > Signed-off-by: Gleb Natapov <address@hidden>
> > diff --git a/hw/usb-net.c b/hw/usb-net.c
> > index 70f9263..84e2d79 100644
> > --- a/hw/usb-net.c
> > +++ b/hw/usb-net.c
> > @@ -1142,7 +1142,7 @@ static int usb_net_handle_control(USBDevice *dev, int
> > request, int value,
> > break;
> >
> > default:
> > - if (usb_net_stringtable[value & 0xff]) {
> > + if (ARRAY_SIZE(usb_net_stringtable) > (value & 0xff)) {
> > ret = set_usb_string(data,
> > usb_net_stringtable[value & 0xff]);
> > break;
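Review bot: the new condition on the `+` line only checks that `value & 0xff` is within `usb_net_stringtable` and drops the non-NULL test the `-` line performed, so an in-range index whose slot is unset would now hand a NULL pointer to `set_usb_string`. Keep both tests, bounds first: `if ((value & 0xff) < ARRAY_SIZE(usb_net_stringtable) && usb_net_stringtable[value & 0xff])`. Storing `value & 0xff` in a local would also avoid repeating the mask in the check and in the call.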
>
> Makes sense.
>
> Nitpick: LIMIT > INDEX looks unusual to me; INDEX < LIMIT is more
> common.
--
Gleb.