[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 64ffbe: hmp: fix sendkey out of bounds write
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] 64ffbe: hmp: fix sendkey out of bounds write (CVE-2015-861... |
Date: |
Wed, 03 Feb 2016 04:30:03 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 64ffbe04eaafebf4045a3ace52a360c14959d196
https://github.com/qemu/qemu/commit/64ffbe04eaafebf4045a3ace52a360c14959d196
Author: Wolfgang Bumiller <address@hidden>
Date: 2016-02-03 (Wed, 03 Feb 2016)
Changed paths:
M hmp.c
M include/ui/console.h
M ui/input-legacy.c
Log Message:
-----------
hmp: fix sendkey out of bounds write (CVE-2015-8619)
When processing 'sendkey' command, hmp_sendkey routine null
terminates the 'keyname_buf' array. This results in an OOB
write issue, if 'keyname_len' was to fall outside of
'keyname_buf' array.
Since the keyname's length is known the keyname_buf can be
removed altogether by adding a length parameter to
index_from_key() and using it for the error output as well.
Reported-by: Ling Liu <address@hidden>
Signed-off-by: Wolfgang Bumiller <address@hidden>
Message-Id: <address@hidden>
[Comparison with "<" dumbed down, test for junk after strtoul()
tweaked]
Signed-off-by: Markus Armbruster <address@hidden>
Commit: ad9e1dab20253441716b769500d4c63bc39b0d51
https://github.com/qemu/qemu/commit/ad9e1dab20253441716b769500d4c63bc39b0d51
Author: Peter Maydell <address@hidden>
Date: 2016-02-03 (Wed, 03 Feb 2016)
Changed paths:
M hmp.c
M include/ui/console.h
M ui/input-legacy.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/armbru/tags/pull-monitor-2016-02-03'
into staging
Monitor patches for 2016-02-03
# gpg: Signature made Wed 03 Feb 2016 09:13:48 GMT using RSA key ID EB918653
# gpg: Good signature from "Markus Armbruster <address@hidden>"
# gpg: aka "Markus Armbruster <address@hidden>"
* remotes/armbru/tags/pull-monitor-2016-02-03:
hmp: fix sendkey out of bounds write (CVE-2015-8619)
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/c65db7705b79...ad9e1dab2025
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 64ffbe: hmp: fix sendkey out of bounds write (CVE-2015-861...,
GitHub <=