qemu-irix/include/ui
Wolfgang Bumiller 24fe899c3c hmp: fix sendkey out of bounds write (CVE-2015-8619)
When processing 'sendkey' command, hmp_sendkey routine null
terminates the 'keyname_buf' array. This results in an OOB
write issue, if 'keyname_len' was to fall outside of
'keyname_buf' array.

Since the keyname's length is known the keyname_buf can be
removed altogether by adding a length parameter to
index_from_key() and using it for the error output as well.

Reported-by: Ling Liu <liuling-it@360.cn>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-Id: <20160113080958.GA18934@olga>
[Comparison with "<" dumbed down, test for junk after strtoul()
tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>

(cherry picked from commit 64ffbe04ea)

Conflicts:
	hmp.c

*removed dependency on 7fb1cf16

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-03-22 17:38:16 -05:00
console.h hmp: fix sendkey out of bounds write (CVE-2015-8619) 2016-03-22 17:38:16 -05:00
egl-context.h opengl: add egl-context.[ch] helpers 2015-10-08 10:34:53 +02:00
egl-helpers.h ui: add egl-helpers 2015-05-29 11:11:38 +02:00
gtk.h gtk/opengl: add opengl context and scanout support (GtkGLArea) 2015-10-08 10:34:53 +02:00
input.h replay: recording of the user input 2015-11-06 10:16:03 +01:00
pixel_ops.h
qemu-pixman.h spice: fix simple display on bigendian hosts 2015-04-27 12:47:03 +02:00
qemu-spice.h qemu-char: convert spice backend to data-driven creation 2015-10-19 10:13:07 +02:00
sdl2.h sdl2: add support for display rendering using opengl. 2015-05-05 10:48:26 +02:00
shader.h shaders: initialize vertexes once 2015-10-08 10:31:35 +02:00
spice-display.h spice: set pointer position on hotspot 2015-04-27 12:47:04 +02:00