[Qemu-commits] [qemu/qemu] 6de02a: usb-mtp: fix utf16_to

qemu-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 6de02a: usb-mtp: fix utf16_to_str

From:	GitHub
Subject:	[Qemu-commits] [qemu/qemu] 6de02a: usb-mtp: fix utf16_to_str
Date:	Tue, 04 Dec 2018 01:35:58 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 6de02a13232a84261bd2d5e07013d6e6572cd60f
      
https://github.com/qemu/qemu/commit/6de02a13232a84261bd2d5e07013d6e6572cd60f
  Author: Gerd Hoffmann <address@hidden>
  Date:   2018-12-03 (Mon, 03 Dec 2018)

  Changed paths:
    M hw/usb/dev-mtp.c

  Log Message:
  -----------
  usb-mtp: fix utf16_to_str

Make utf16_to_str return an allocated string.  Remove the assumtion that
the number of string bytes equals the number of utf16 chars (which is
only true for ascii chars).  Instead call wcstombs twice, once to figure
the storage size and once for the actual conversion (as suggested by the
wcstombs manpage).

FIXME: surrogate pairs are not working correctly.  Pre-existing bug,
fixing that is left for another day.

Reported-by: Michael Hanselmann <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Markus Armbruster <address@hidden>
Message-id: address@hidden


  Commit: c52d46e041b42bb1ee6f692e00a0abe37a9659f6
      
https://github.com/qemu/qemu/commit/c52d46e041b42bb1ee6f692e00a0abe37a9659f6
  Author: Gerd Hoffmann <address@hidden>
  Date:   2018-12-03 (Mon, 03 Dec 2018)

  Changed paths:
    M hw/usb/dev-mtp.c

  Log Message:
  -----------
  usb-mtp: outlaw slashes in filenames

Slash is unix directory separator, so they are not allowed in filenames.
Note this also stops the classic escape via "../".

Fixes: CVE-2018-16867
Reported-by: Michael Hanselmann <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden


  Commit: 933cc4bb3469b82be2a2095523df400973aa4790
      
https://github.com/qemu/qemu/commit/933cc4bb3469b82be2a2095523df400973aa4790
  Author: Peter Maydell <address@hidden>
  Date:   2018-12-03 (Mon, 03 Dec 2018)

  Changed paths:
    M hw/usb/dev-mtp.c

  Log Message:
  -----------
  Merge remote-tracking branch 
'remotes/kraxel/tags/fixes-31-20181203-pull-request' into staging

usb: mtp fixes.

# gpg: Signature made Mon 03 Dec 2018 19:50:26 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-31-20181203-pull-request:
  usb-mtp: outlaw slashes in filenames
  usb-mtp: fix utf16_to_str

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/9225cd127dd8...933cc4bb3469
      **NOTE:** This service has been marked for deprecation: 
https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-commits] [qemu/qemu] 6de02a: usb-mtp: fix utf16_to_str, GitHub <=

Prev by Date: [Qemu-commits] [qemu/qemu] e31d80: nbd/server: Advertise all contexts in response to ...
Next by Date: [Qemu-commits] [qemu/qemu] 25c01b: net: drop too large packet early
Previous by thread: [Qemu-commits] [qemu/qemu] e31d80: nbd/server: Advertise all contexts in response to ...
Next by thread: [Qemu-commits] [qemu/qemu] 25c01b: net: drop too large packet early
Index(es):
- Date
- Thread