Re: [Qemu-devel] [ Patch ] for CVE-2015-3242
From: Peter Maydell
Subject: Re: [Qemu-devel] [ Patch ] for CVE-2015-3242
Date: Thu, 18 Jun 2015 08:46:34 +0100
On 18 June 2015 at 03:40, 罗大龙 <address@hidden> wrote:
> /qemu-2.3.0/hw/arm/pxa2xx.c
>
> --- pxa2xx.c.new 2015-06-15 17:40:59.285002592 +0800
> +++ pxa2xx.c 2015-06-15 17:43:47.001002592 +0800
> @@ -1986,6 +1986,10 @@
>
> s->rx_len = qemu_get_byte(f);
> s->rx_start = 0;
> + if (s->rx_len < 0 || s->rx_len > ARRAY_SIZE(s->rx_fifo)) {
> + return -EINVAL;
> + }
> +
> for (i = 0; i < s->rx_len; i ++)
> s->rx_fifo[i] = qemu_get_byte(f);
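Review bot: at the added `if (s->rx_len < 0 || s->rx_len > ARRAY_SIZE(s->rx_fifo))`, the length has already been written into `s->rx_len` (and `s->rx_start` reset) before it is validated, so a rejected stream still leaves the out-of-range value in the device state. Read the byte into a local, check it, and assign it to `s->rx_len` only once it passes. The `< 0` half is only meaningful if `rx_len` is a signed type, which these lines do not show; if it is unsigned, drop that comparison. The upper bound itself is correct as written, since `rx_len == ARRAY_SIZE(s->rx_fifo)` still keeps the last index of the `for` loop inside `s->rx_fifo`. Separately, the diff headers name `pxa2xx.c.new` as the old file and `pxa2xx.c` as the new one, which looks reversed.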
Hi. I'm afraid I can't apply this, you have provided no
Signed-off-by: (and no commit message either). Also, the
code you are trying to patch does not exist in QEMU master.
NB: we do not consider bugs in the pxa2xx board to be
security issues -- the code was never written with the
expectation of being able to defend against malicious
guests, and certainly not against malicious incoming
migration data (as here). Treat it as a developer tool,
not a security boundary.
thanks
-- PMM