adding Irix (and, to a lesser extent, Solaris) userland emulation to QEMU
Daniel P. Berrange 2cdb5e142f CVE-2015-1779: limit size of HTTP headers from websockets clients
The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious client to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.

A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-01 17:12:55 +02:00
audio
backends hostmem: Prevent removing an in-use memory backend 2015-04-01 10:06:38 +02:00
block Block patches for 2.3.0-rc1 2015-03-19 17:47:08 +00:00
bsd-user cpu: Make cpu_init() return QOM CPUState object 2015-03-10 17:33:51 +01:00
default-configs hw/usb: Include USB files only if necessary 2015-03-18 11:50:47 +01:00
disas cris: remove unused cris_cond15 declarations 2015-03-19 11:11:55 +03:00
docs docs: add memory-hotplug.txt 2015-03-04 13:00:36 -05:00
dtc@bc895d6d09
fpu
fsdev Fix typos in comments 2015-03-19 11:30:37 +03:00
gdb-xml
hw pc: acpi: fix pvpanic regression 2015-04-01 10:06:38 +02:00
include rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
libcacard libcacard: stop linking against every single 3rd party library 2015-02-10 09:27:20 +03:00
libdecnumber
linux-headers synchronize Linux headers to 4.0-rc3 2015-03-10 09:26:22 +01:00
linux-user rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
migration rdma: Fix cleanup in error paths 2015-03-26 15:31:46 +01:00
net net: synchronize net_host_device_remove with host_net_remove_completion 2015-03-12 19:59:39 +00:00
pc-bios pseries: Update SLOF firmware image to qemu-slof-20150313 2015-03-25 22:49:45 +01:00
pixman@87eea99e44
po
qapi block: Document blockdev-add's immaturity 2015-03-27 10:01:12 +00:00
qga qga/commands-posix: Fix resource leak 2015-03-19 11:39:18 +03:00
qobject
qom qom: Add can_be_deleted callback to UserCreatableClass 2015-04-01 10:06:38 +02:00
roms pseries: Update SLOF firmware image to qemu-slof-20150313 2015-03-25 22:49:45 +01:00
scripts build: pass .d file name to scripts/make_device_config.sh, fix makefile target 2015-03-18 12:07:25 +01:00
slirp
stubs pci, pc, virtio fixes and cleanups 2015-03-09 09:14:28 +00:00
sysconfigs/target
target-alpha tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-arm target-arm: Ignore low bit of PC in M-profile exception return 2015-03-16 12:30:47 +00:00
target-cris cris: remove unused cris_cond15 declarations 2015-03-19 11:11:55 +03:00
target-i386 target-i386: Haswell-noTSX and Broadwell-noTSX 2015-03-19 16:35:14 -03:00
target-lm32 tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-m68k tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-microblaze tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-mips trivial patches for 2015-03-19 2015-03-19 14:10:20 +00:00
target-moxie target-moxie: Fix warnings from Sparse (one-bit signed bitfield) 2015-03-19 11:11:55 +03:00
target-openrisc tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-ppc target-ppc: Remove POWER5+ v0.0 that never existed 2015-03-25 22:49:46 +01:00
target-s390x Final batch of s390x enhancements/fixes for 2.3: 2015-03-16 11:44:55 +00:00
target-sh4 tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-sparc tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-tricore target-tricore: fix CACHEA/I_POSTINC/PREINC using data register.. 2015-03-30 13:39:38 +02:00
target-unicore32 tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
target-xtensa tcg: Change translator-side labels to a pointer 2015-03-13 12:28:18 -07:00
tcg tcg/optimize: Handle or r,a,a with constant a 2015-03-16 08:46:13 -07:00
tests i440fx-test: Fix test paths to include architecture 2015-03-30 19:24:54 +02:00
trace Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
ui CVE-2015-1779: limit size of HTTP headers from websockets clients 2015-04-01 17:12:55 +02:00
util rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
.exrc
.gitignore gitignore: Track common.env in iotests gitignore 2015-03-10 08:15:34 +03:00
.gitmodules
.mailmap
.travis.yml
CODING_STYLE
COPYING
COPYING.LIB
Changelog
HACKING
LICENSE
MAINTAINERS misc fixes and cleanups 2015-03-12 09:13:07 +00:00
Makefile build: pass .d file name to scripts/make_device_config.sh, fix makefile target 2015-03-18 12:07:25 +01:00
Makefile.objs
Makefile.target Makefile.target: binary depends on config-devices 2015-03-01 19:41:50 +01:00
README
VERSION Update version for v2.3.0-rc1 release 2015-03-24 16:34:16 +00:00
accel.c
aio-posix.c
aio-win32.c
arch_init.c migration: remove last_sent_block from save_page_header 2015-03-26 15:31:46 +01:00
async.c
balloon.c balloon: Fix typo 2015-02-23 10:56:09 -05:00
block.c block: Fix unaligned zero write 2015-03-27 10:01:12 +00:00
blockdev-nbd.c nbd: Fix up comment after commit e140177 2015-03-25 13:38:07 +01:00
blockdev.c block: Fix blockdev-backup not to use funky error class 2015-03-19 16:02:59 +01:00
blockjob.c
bootdevice.c misc: fix typos in copyright declaration 2015-03-26 14:21:43 +01:00
bt-host.c
bt-vhci.c
configure seccomp: libseccomp version varying according to arch 2015-03-26 16:58:22 +00:00
coroutine-gthread.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
cpu-exec.c - vhost-scsi: add bootindex property 2015-02-24 13:58:18 +00:00
cpus.c cpus: Don't kick un-realized cpus. 2015-03-25 13:38:07 +01:00
cputlb.c exec: RCUify AddressSpaceDispatch 2015-02-16 17:30:19 +01:00
device-hotplug.c pci-hotplug-old: Has been dead for five major releases, bury 2015-03-01 12:37:54 +01:00
device_tree.c machine: query phandle-start machine property 2015-03-11 18:17:11 +01:00
disas.c
dma-helpers.c
dump.c
exec.c Revert "exec: Respect as_tranlsate_internal length clamp" 2015-04-01 10:06:38 +02:00
gdbstub.c gdbstub: avoid possible NULL pointer dereference 2015-03-10 08:15:34 +03:00
hmp-commands.hx hmp: Fix texinfo documentation 2015-03-19 11:35:52 +03:00
hmp.c migration/next for 20150317 2015-03-17 17:11:33 +00:00
hmp.h qom: Implement qom-set HMP command 2015-03-17 14:31:15 +01:00
iohandler.c
ioport.c
iothread.c
kvm-all.c kvm: fix ioeventfd endianness on bi-endian architectures 2015-03-18 12:07:30 +01:00
kvm-stub.c
main-loop.c
memory.c memory: Move owner-less MemoryRegions to /machine/unattached 2015-03-17 14:31:26 +01:00
memory_mapping.c
module-common.c
monitor.c usb: bugfix collection. 2015-03-20 09:50:08 +00:00
nbd.c nbd: Drop unexpected data for NBD_OPT_LIST 2015-03-18 12:07:16 +01:00
numa.c numa: Print warning if no node is assigned to a CPU 2015-03-19 16:20:15 -03:00
os-posix.c rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
os-win32.c
page_cache.c
qapi-schema.json migration: Convert 'status' of MigrationInfo to use an enum type 2015-03-17 15:20:37 +01:00
qdev-monitor.c qom: Implement info qom-tree HMP command 2015-03-17 14:31:21 +01:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-char.c qemu-img: Suppress unhelpful extra errors in convert, amend 2015-02-26 14:51:21 +01:00
qemu-coroutine-io.c coroutine-io: Return -errno in case of error 2015-03-18 12:07:21 +01:00
qemu-coroutine-lock.c
qemu-coroutine-sleep.c
qemu-coroutine.c coroutine: Clean up qemu_coroutine_enter() 2015-03-09 11:11:59 +01:00
qemu-doc.texi raw-posix: Deprecate host floppy passthrough 2015-03-19 11:43:02 +01:00
qemu-img-cmds.hx
qemu-img.c qemu-img: Avoid qerror_report_err() outside QMP handlers, again 2015-03-16 17:07:25 +01:00
qemu-img.texi
qemu-io-cmds.c qemu-io: Use BlockBackend 2015-02-16 15:07:19 +00:00
qemu-io.c Clean up around error_get_pretty(), qerror_report_err() 2015-02-26 07:01:08 +00:00
qemu-log.c qemu-log: Correct help text of 'log cpu_reset' 2015-02-10 09:27:20 +03:00
qemu-nbd.c nbd: Set block size to BDRV_SECTOR_SIZE 2015-03-18 12:07:01 +01:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx Block patches for 2.3.0-rc1 2015-03-19 17:47:08 +00:00
qemu-seccomp.c
qemu-tech.texi
qemu-timer.c
qemu.nsi
qemu.sasl
qjson.c QJSON: fix typo in author's email address 2015-02-10 09:27:20 +03:00
qmp-commands.hx block: Document blockdev-add's immaturity 2015-03-27 10:01:12 +00:00
qmp.c qom: Add can_be_deleted callback to UserCreatableClass 2015-04-01 10:06:38 +02:00
qtest.c qtest: Use qemu_opt_set() instead of qemu_opts_parse() 2015-02-26 14:52:13 +01:00
rules.mak
savevm.c error: Replace error_report() & error_free() with error_report_err() 2015-03-19 11:11:55 +03:00
softmmu_template.h exec: make iotlb RCU-friendly 2015-02-16 17:30:19 +01:00
spice-qemu-char.c spice: Add missing 'static' attribute 2015-02-10 10:26:05 +03:00
tcg-runtime.c
tci.c tcg: Remove unused opcodes 2015-02-12 21:21:38 -08:00
thread-pool.c
thunk.c
tpm.c tpm: Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
trace-events s390x/kvm: trace all SIGP orders 2015-03-10 09:26:22 +01:00
translate-all.c translate-all: Use g_try_malloc() for dynamic translator buffer 2015-02-10 09:27:21 +03:00
translate-all.h
user-exec.c user-exec.c: fix build on NetBSD/sparc64 and NetBSD/arm 2015-03-13 15:57:00 +00:00
version.rc
vl.c Avoid crashing on multiple -incoming 2015-03-26 15:31:46 +01:00
xen-common-stub.c
xen-common.c
xen-hvm-stub.c xen: Remove xen_cmos_set_s3_resume() 2015-03-10 08:15:33 +03:00
xen-hvm.c
xen-mapcache.c

README

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team