qemu-patch-raspberry4/ui
Wolfgang Bumiller 24fe899c3c hmp: fix sendkey out of bounds write (CVE-2015-8619)
When processing 'sendkey' command, hmp_sendkey routine null
terminates the 'keyname_buf' array. This results in an OOB
write issue, if 'keyname_len' was to fall outside of
'keyname_buf' array.

Since the keyname's length is known the keyname_buf can be
removed altogether by adding a length parameter to
index_from_key() and using it for the error output as well.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-Id: <20160113080958.GA18934@olga>
[Comparison with "<" dumbed down, test for junk after strtoul()
tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>

(cherry picked from commit 64ffbe04ea)

Conflicts:
	hmp.c

*removed dependency on 7fb1cf16

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-03-22 17:38:16 -05:00
shader console-gl: add opengl rendering helper functions 2015-05-05 10:48:22 +02:00
Makefile.objs gtk/opengl: add opengl context and scanout support (GtkGLArea) 2015-10-08 10:34:53 +02:00
cocoa.m ui/cocoa.m: Prevent activation clicks from going to guest 2015-12-01 21:22:41 +00:00
console-gl.c shaders: initialize vertexes once 2015-10-08 10:31:35 +02:00
console.c ui: Use g_new() & friends where that makes obvious sense 2015-11-06 15:42:38 +03:00
curses.c ui: Use g_new() & friends where that makes obvious sense 2015-11-06 15:42:38 +03:00
curses_keys.h ui/curses: Fix pageup/pagedown on -curses 2015-11-03 10:12:46 +01:00
cursor.c ui: move files to ui/ and include/ui/ 2012-12-19 08:31:30 +01:00
cursor_hidden.xpm ui: move files to ui/ and include/ui/ 2012-12-19 08:31:30 +01:00
cursor_left_ptr.xpm ui: move files to ui/ and include/ui/ 2012-12-19 08:31:30 +01:00
egl-context.c opengl: add egl-context.[ch] helpers 2015-10-08 10:34:53 +02:00
egl-helpers.c ui: add egl-helpers 2015-05-29 11:11:38 +02:00
gtk-egl.c gtk/opengl: add opengl context and scanout support (egl) 2015-10-08 10:34:53 +02:00
gtk-gl-area.c gtk/opengl: add opengl context and scanout support (GtkGLArea) 2015-10-08 10:34:53 +02:00
gtk.c qemu-char: convert vc backend to data-driven creation 2015-10-19 10:13:07 +02:00
input-keymap.c input: Convert to new qapi union layout 2015-11-02 08:30:28 +01:00
input-legacy.c hmp: fix sendkey out of bounds write (CVE-2015-8619) 2016-03-22 17:38:16 -05:00
input.c replay: recording of the user input 2015-11-06 10:16:03 +01:00
keymaps.c ui: Use g_new() & friends where that makes obvious sense 2015-11-06 15:42:38 +03:00
keymaps.h ui: move all ui components in ui/ 2010-07-26 17:35:54 -05:00
qemu-pixman.c ui/pixman: add qemu_pixman_check_format 2015-01-19 13:33:26 +01:00
qemu-x509.h ui: move files to ui/ and include/ui/ 2012-12-19 08:31:30 +01:00
sdl.c ui: Use g_new() & friends where that makes obvious sense 2015-11-06 15:42:38 +03:00
sdl2-2d.c sdl2: stop flickering 2015-10-08 10:31:35 +02:00
sdl2-gl.c sdl2: add support for display rendering using opengl. 2015-05-05 10:48:26 +02:00
sdl2-input.c sdl2: move SDL_* includes to sdl2.h 2015-05-05 10:48:26 +02:00
sdl2-keymap.h sdl2: keymap fixups 2014-09-16 08:07:05 +02:00
sdl2.c sdl2: fix crash in handle_windowevent() when restoring the screen size 2015-06-09 10:25:21 +02:00
sdl_keysym.h ui/sdl2 : initial port to SDL 2.0 (v2.0) 2014-03-05 09:52:05 +01:00
sdl_zoom.c sdl: Fix heap smash in sdl_zoom_rgb{16,32} for int > 32 bits 2013-01-15 18:25:30 -06:00
sdl_zoom.h ui: move all ui components in ui/ 2010-07-26 17:35:54 -05:00
sdl_zoom_template.h sdl: Fix heap smash in sdl_zoom_rgb{16,32} for int > 32 bits 2013-01-15 18:25:30 -06:00
shader.c shaders: initialize vertexes once 2015-10-08 10:31:35 +02:00
spice-core.c qapi: Unbox base members 2015-11-02 08:30:26 +01:00
spice-display.c spice: surface switch fast path requires same format too. 2015-09-21 09:52:07 +02:00
spice-input.c spice: input: Fix absolute mouse y coordinates 2014-03-24 08:41:21 +01:00
vgafont.h ui: move files to ui/ and include/ui/ 2012-12-19 08:31:30 +01:00
vnc-auth-sasl.c ui: convert VNC server to use QCryptoTLSSession 2015-09-15 15:20:55 +01:00
vnc-auth-sasl.h aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
vnc-auth-vencrypt.c ui: convert VNC server to use QCryptoTLSSession 2015-09-15 15:20:55 +01:00
vnc-auth-vencrypt.h ui: move all ui components in ui/ 2010-07-26 17:35:54 -05:00
vnc-enc-hextile-template.h pixman/vnc: use pixman images in vnc. 2012-11-01 14:00:04 +01:00
vnc-enc-hextile.c pixman/vnc: remove dead code. 2012-11-01 14:00:05 +01:00
vnc-enc-tight.c vnc-enc-tight: fix Arguments in wrong order 2014-12-10 10:08:12 +01:00
vnc-enc-tight.h vnc: tight add PNG encoding 2010-07-26 17:36:14 -05:00
vnc-enc-zlib.c Use glib memory allocation and free functions 2011-08-20 23:01:08 -05:00
vnc-enc-zrle-template.c vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-enc-zrle.c pixman/vnc: use pixman images in vnc. 2012-11-01 14:00:04 +01:00
vnc-enc-zrle.h vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-enc-zywrle-template.c Fix spelling in comments, documentation and messages 2011-12-14 11:09:44 +00:00
vnc-enc-zywrle.h misc: Spelling and grammar fixes in comments 2013-10-26 13:06:45 +04:00
vnc-jobs.c vnc: buffer code improvements, bugfixes. 2015-11-17 12:34:07 +00:00
vnc-jobs.h ui/vnc: Remove vnc_stop_worker_thread() 2015-03-10 08:15:33 +03:00
vnc-palette.c ui/vnc-palette.c: Include headers it needs 2012-12-06 09:17:05 +01:00
vnc-palette.h misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
vnc-ws.c ui: convert VNC server to use QCryptoTLSSession 2015-09-15 15:20:55 +01:00
vnc-ws.h ui: convert VNC server to use QCryptoTLSSession 2015-09-15 15:20:55 +01:00
vnc.c ui: vnc: avoid floating point exception 2015-12-03 13:34:50 +00:00
vnc.h util: pull Buffer code out of VNC module 2015-10-20 14:59:09 +01:00
vnc_keysym.h qemu-char: add cyrillic characters 'numerosign' to VNC keysyms 2015-03-10 08:15:34 +03:00
x_keymap.c kbd: add brazil kbd keys to x11 evdev map 2015-05-29 10:30:06 +02:00
x_keymap.h Delete useless 'extern' qualifiers for functions 2011-01-23 16:21:20 +00:00