Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
xen.4507
CVE-2016-5126-qemuu-buffer-overflow-in-iscsi_ai...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-5126-qemuu-buffer-overflow-in-iscsi_aio_ioctl.patch of Package xen.4507
References: bsc#982286 CVE-2016-5126 From: Peter Lieven Subject: [Qemu-block] [PATCH] block/iscsi: avoid potential overflow of acb->task->cdb Date: Tue, 24 May 2016 10:59:28 +0200 at least in the path via virtio-blk the maximum size is not restricted. Cc: address@hidden Signed-off-by: Peter Lieven <address@hidden> --- block/iscsi.c | 7 +++++++ 1 file changed, 7 insertions(+) Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/block/iscsi.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/block/iscsi.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/block/iscsi.c @@ -719,6 +719,13 @@ static BlockDriverAIOCB *iscsi_aio_ioctl acb->buf = NULL; acb->ioh = buf; + if (acb->ioh->cmd_len > SCSI_CDB_MAX_SIZE) { + error_report("iSCSI: ioctl error CDB exceeds max size (%d > %d)", + acb->ioh->cmd_len, SCSI_CDB_MAX_SIZE); + qemu_aio_unref(acb); + return NULL; + } + acb->task = malloc(sizeof(struct scsi_task)); if (acb->task == NULL) { error_report("iSCSI: Failed to allocate task for scsi command. %s",
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor