git.osdn.net Git - qmiga/qemu.git/commit

author	John Millikin <john@john-millikin.com>
	Wed, 17 Aug 2022 05:34:58 +0000 (14:34 +0900)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Thu, 1 Sep 2022 05:42:37 +0000 (07:42 +0200)
commit	fe9d8927e265fd723a6dc87cd6d220f4677dbe1f
tree	0e2d306704d29e6a06cc10b7a320afcbb31279a1	tree \| snapshot
parent	c6e51f1bb28ed762d2039c063cbb71a8ad29762d	commit \| diff

scsi: Add buf_len parameter to scsi_req_new()

When a SCSI command is received from the guest, the CDB length implied
by the first byte might exceed the number of bytes the guest sent. In
this case scsi_req_new() will read uninitialized data, causing
unpredictable behavior.

Adds the buf_len parameter to scsi_req_new() and plumbs it through the
call stack.

Signed-off-by: John Millikin <john@john-millikin.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053458.698416-1-john@john-millikin.com>
[Fill in correct length for adapters other than ESP. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

13 files changed:

hw/scsi/esp.c		diff \| blob \| history
hw/scsi/lsi53c895a.c		diff \| blob \| history
hw/scsi/megasas.c		diff \| blob \| history
hw/scsi/mptsas.c		diff \| blob \| history
hw/scsi/scsi-bus.c		diff \| blob \| history
hw/scsi/scsi-disk.c		diff \| blob \| history
hw/scsi/scsi-generic.c		diff \| blob \| history
hw/scsi/spapr_vscsi.c		diff \| blob \| history
hw/scsi/virtio-scsi.c		diff \| blob \| history
hw/scsi/vmw_pvscsi.c		diff \| blob \| history
hw/usb/dev-storage.c		diff \| blob \| history
hw/usb/dev-uas.c		diff \| blob \| history
include/hw/scsi/scsi.h		diff \| blob \| history

RSS Atom

About OSDN

Find Software

Develop Software

Help