qemu-devel

Re: [Qemu-devel] [ Patch ] for CVE-2015-3242


From: Peter Maydell
Subject: Re: [Qemu-devel] [ Patch ] for CVE-2015-3242
Date: Thu, 18 Jun 2015 08:46:34 +0100

On 18 June 2015 at 03:40, 罗大龙 <address@hidden> wrote:
> /qemu-2.3.0/hw/arm/pxa2xx.c
>
> --- pxa2xx.c.new    2015-06-15 17:40:59.285002592 +0800
> +++ pxa2xx.c    2015-06-15 17:43:47.001002592 +0800
> @@ -1986,6 +1986,10 @@
>
>      s->rx_len = qemu_get_byte(f);
>      s->rx_start = 0;
> +   if (s->rx_len < 0 || s->rx_len > ARRAY_SIZE(s->rx_fifo)) {
> +       return -EINVAL;
> +   }
> +
>      for (i = 0; i < s->rx_len; i ++)
>          s->rx_fifo[i] = qemu_get_byte(f);
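
Review bot: In the hunk at `@@ -1986,6 +1986,10 @@`, the bounds check runs only after `s->rx_len = qemu_get_byte(f);` has already stored the unvalidated value, so the `return -EINVAL;` path leaves an out-of-range `rx_len` in the device state. Read the byte into a local, check it against `ARRAY_SIZE(s->rx_fifo)`, and assign to `s->rx_len` only once it has passed. The `s->rx_len < 0` half is only meaningful if `rx_len` is a signed type and the value read can be negative; otherwise drop it. Two smaller points: the added lines are indented by 3 and 7 spaces while the surrounding context uses 4 and 8, and the `---`/`+++` header names the old file `pxa2xx.c.new` and the new one `pxa2xx.c` without tree-relative paths, which suggests the diff was generated with the arguments reversed and outside the source tree.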

Hi. I'm afraid I can't apply this, you have provided no
Signed-off-by: (and no commit message either). Also, the
code you are trying to patch does not exist in QEMU master.

NB: we do not consider bugs in the pxa2xx board to be
security issues -- the code was never written with the
expectation of being able to defend against malicious
guests, and certainly not against malicious incoming
migration data (as here). Treat it as a developer tool,
not a security boundary.

thanks
-- PMM


