[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] usb-mtp: Limit filename to object information s

From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH] usb-mtp: Limit filename to object information size
Date: Fri, 14 Dec 2018 08:57:51 +0100
User-agent: NeoMutt/20180716

On Thu, Dec 13, 2018 at 10:37:06PM +0000, Michael Hanselmann wrote:
> The filename length in MTP metadata is specified by the guest. By
> trusting it directly it'd theoretically be possible to get the host to
> write memory parts outside the filename buffer into a filename. In
> practice though there are usually NUL bytes stopping the string
> operations.
> Also use the opportunity to not assign the filename member twice.

Added to usb patch queue.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]