Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb

From:	Peter Maydell
Subject:	Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb
Date:	Mon, 20 Apr 2020 14:42:27 +0100

On Sat, 18 Apr 2020 at 07:30, Chen Qun <address@hidden> wrote:
>
> There is an overflow, the source 'datain.data[2]' is 100 bytes,
>  but the 'ss' is 252 bytes.This may cause a security issue because
>  we can access a lot of unrelated memory data.
>
> The len for sbp copy data should take the minimum of mx_sb_len and
>  sb_len_wr, not the maximum.


Thanks, applied to master for 5.0.

-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb, Chen Qun, 2020/04/18
- Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb, Daniel P . Berrangé, 2020/04/20
- Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb, Peter Maydell <=

Prev by Date: [PATCH v4 9/9] iotests: Test committing to short backing file
Next by Date: Re: [PATCH v4 1/9] block: Add flags to BlockDriver.bdrv_co_truncate()
Previous by thread: Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb
Next by thread: [PATCH v19 0/4] qcow2: Implement zstd cluster compression method
Index(es):
- Date
- Thread