[Qemu-devel] [PATCH 0/2] usb: check RNDIS offsets & length

From: P J P
Subject: [Qemu-devel] [PATCH 0/2] usb: check RNDIS offsets & length
Date: Wed, 17 Feb 2016 00:23:39 +0530

From: Prasad J Pandit <address@hidden>


When processing remote NDIS control message packets, the USB Net
device emulator uses a fixed length (4096) data buffer. The incoming
packet length could exceed that OR informationBufferOffset & Length
combination could overflow and cross that range. These two patches
add checks to avoid such overflows.

Thank you.
Prasad J Pandit (2):
  usb: check RNDIS message length
  usb: check RNDIS buffer offsets & length

 hw/usb/core.c        | 18 +++++++++---------
 hw/usb/dev-network.c |  9 ++++++---
 2 files changed, 15 insertions(+), 12 deletions(-)
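
The two checks the cover letter describes, sketched as an added C example; this is not the code from the patches or from QEMU. The function names and the REQID_BASE constant (buffer offsets counted from the RequestId field, 8 bytes into the message) are assumptions made here, and the sample values in main() are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CTRL_BUF_SIZE 4096u /* fixed data buffer size named in the cover letter */
#define REQID_BASE    8u    /* assumption: offsets are relative to RequestId */

/* Check 1: the declared message length must fit the fixed buffer. */
static bool msg_len_ok(uint32_t msg_len)
{
    return msg_len <= CTRL_BUF_SIZE;
}

/* Check 2: the information buffer must lie inside the message.
 * Written with subtraction only, so no intermediate value can wrap. */
static bool info_buf_ok(uint32_t msg_len, uint32_t offset, uint32_t len)
{
    if (!msg_len_ok(msg_len) || msg_len < REQID_BASE)
        return false;
    uint32_t room = msg_len - REQID_BASE;  /* bytes available after the base */
    if (offset > room)
        return false;
    return len <= room - offset;           /* room - offset cannot underflow */
}

/* For contrast: the additive form wraps modulo 2^32 and accepts bad input. */
static bool info_buf_ok_naive(uint32_t msg_len, uint32_t offset, uint32_t len)
{
    return offset + REQID_BASE + len <= msg_len;
}

int main(void)
{
    /* Constructed sample fields: {message length, offset, length}. */
    uint32_t cases[][3] = {
        {   64, 20,          16   },  /* well-formed                  */
        {   64, 0xFFFFFFF0u, 0x20 },  /* offset + length wraps to 24  */
        { 4096, 4088,        1    },  /* one byte past the buffer end */
        { 5000, 0,           4    },  /* message longer than buffer   */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("len=%u off=0x%x buflen=0x%x naive=%d checked=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               (unsigned)cases[i][2],
               info_buf_ok_naive(cases[i][0], cases[i][1], cases[i][2]),
               info_buf_ok(cases[i][0], cases[i][1], cases[i][2]));
    return 0;
}
```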

