qemu-patch-raspberry4/include/ui
Wolfgang Bumiller 64ffbe04ea hmp: fix sendkey out of bounds write (CVE-2015-8619)
When processing 'sendkey' command, hmp_sendkey routine null
terminates the 'keyname_buf' array. This results in an OOB
write issue, if 'keyname_len' was to fall outside of
'keyname_buf' array.

Since the keyname's length is known the keyname_buf can be
removed altogether by adding a length parameter to
index_from_key() and using it for the error output as well.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-Id: <20160113080958.GA18934@olga>
[Comparison with "<" dumbed down, test for junk after strtoul()
tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-02-03 10:13:06 +01:00
console.h hmp: fix sendkey out of bounds write (CVE-2015-8619) 2016-02-03 10:13:06 +01:00
egl-context.h opengl: add egl-context.[ch] helpers 2015-10-08 10:34:53 +02:00
egl-helpers.h ui: add egl-helpers 2015-05-29 11:11:38 +02:00
gtk.h gtk: implement set_echo 2016-01-18 16:36:21 +01:00
input.h replay: recording of the user input 2015-11-06 10:16:03 +01:00
pixel_ops.h ui: move files to ui/ and include/ui/ 2012-12-19 08:31:30 +01:00
qemu-pixman.h spice: fix simple display on bigendian hosts 2015-04-27 12:47:03 +02:00
qemu-spice.h qemu-char: convert spice backend to data-driven creation 2015-10-19 10:13:07 +02:00
sdl2.h sdl: shorten the GUI refresh interval when mouse or keyboard is active 2016-02-02 14:05:07 +01:00
shader.h shaders: initialize vertexes once 2015-10-08 10:31:35 +02:00
spice-display.h spice: set pointer position on hotspot 2015-04-27 12:47:04 +02:00