[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 90/97] slirp: check sscanf result when emulating ide
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 90/97] slirp: check sscanf result when emulating ident |
Date: |
Mon, 1 Apr 2019 16:00:04 -0500 |
From: William Bowling <address@hidden>
When emulating ident in tcp_emu, if the strchr checks passed but the
sscanf check failed, two uninitialized variables would be copied and
sent in the reply, so move this code inside the if(sscanf()) clause.
Signed-off-by: William Bowling <address@hidden>
Cc: address@hidden
Cc: address@hidden
Message-Id: <address@hidden>
Signed-off-by: Samuel Thibault <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
(cherry picked from commit d3222975c7d6cda9e25809dea05241188457b113)
Signed-off-by: Michael Roth <address@hidden>
---
slirp/tcp_subr.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 8d0f94b75f..473c8b04e6 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -662,12 +662,12 @@ tcp_emu(struct socket *so, struct mbuf *m)
break;
}
}
+ so_rcv->sb_cc =
snprintf(so_rcv->sb_data,
+
so_rcv->sb_datalen,
+ "%d,%d\r\n",
n1, n2);
+ so_rcv->sb_rptr = so_rcv->sb_data;
+ so_rcv->sb_wptr = so_rcv->sb_data +
so_rcv->sb_cc;
}
- so_rcv->sb_cc = snprintf(so_rcv->sb_data,
- so_rcv->sb_datalen,
- "%d,%d\r\n", n1, n2);
- so_rcv->sb_rptr = so_rcv->sb_data;
- so_rcv->sb_wptr = so_rcv->sb_data +
so_rcv->sb_cc;
}
m_free(m);
return 0;
--
2.17.1
- [Qemu-devel] [PATCH 63/97] qemu-img: Fix typo, (continued)
- [Qemu-devel] [PATCH 63/97] qemu-img: Fix typo, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 41/97] block/rbd: Attempt to parse legacy filenames, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 80/97] linux-user: make pwrite64/pread64(fd, NULL, 0, offset) return 0, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 58/97] vhost-scsi: prevent using uninitialized vqs, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 91/97] tpm_tis: fix loop that cancels any seizure by a lower locality, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 40/97] block/rbd: pull out qemu_rbd_convert_options, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 50/97] virtio: do not take address of packed members, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 77/97] pc:piix4: Update smbus I/O space after a migration, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 62/97] fdc: fix segfault in fdctrl_stop_transfer() when DMA is disabled, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 15/97] target/arm: Use fp_status_fp16 for do_fmpa_zpzzz_h, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 90/97] slirp: check sscanf result when emulating ident,
Michael Roth <=
- [Qemu-devel] [PATCH 83/97] tpm: Zero-init structure to avoid uninitialized variables in valgrind log, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 04/97] target/arm: Fix typo in helper_sve_movz_d, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 88/97] acpi: Make TPM 2.0 with TIS available as MSFT0101, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 05/97] target/arm: Fix typo in helper_sve_ld1hss_r, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 34/97] tests: update acpi expected files, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 60/97] make-release: add skiboot .version file, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 48/97] net: ignore packet size greater than INT_MAX, Michael Roth, 2019/04/01
- [Qemu-devel] [PATCH 94/97] nvme: fix out-of-bounds access to the CMB, Michael Roth, 2019/04/01
- Re: [Qemu-devel] [Qemu-stable] [PATCH 00/97] Patch Round-up for stable 3.0.1, freeze on 2019-04-08, Cole Robinson, 2019/04/02