Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl

qemu-trivial

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb

From:	Peter Maydell
Subject:	Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb
Date:	Mon, 20 Apr 2020 14:42:27 +0100

On Sat, 18 Apr 2020 at 07:30, Chen Qun <address@hidden> wrote:
>
> There is an overflow, the source 'datain.data[2]' is 100 bytes,
>  but the 'ss' is 252 bytes.This may cause a security issue because
>  we can access a lot of unrelated memory data.
>
> The len for sbp copy data should take the minimum of mx_sb_len and
>  sb_len_wr, not the maximum.


Thanks, applied to master for 5.0.

-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb, Chen Qun, 2020/04/18
- Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb, Daniel P . Berrangé, 2020/04/20
- Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb, Peter Maydell <=

Prev by Date: Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb
Next by Date: [PATCH 0/2] fix fcntl(F_SETFD) usage
Previous by thread: Re: [PATCH] block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb
Next by thread: [PATCH 0/2] fix fcntl(F_SETFD) usage
Index(es):
- Date
- Thread