File CVE-2016-5106-qemuu-scsi-megasas-out-of-bounds-... of Package xen.8005

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-5106-qemuu-scsi-megasas-out-of-bounds-write-while-setting-controller-properties.patch of Package xen.8005

References: bsc#982025 CVE-2016-5106

When setting MegaRAID SAS controller properties via MegaRAID
Firmware Interface(MFI) commands, a user supplied size parameter
is used to set property value. Use appropriate size value to avoid
OOB access issues.

Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/scsi/megasas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
@@ -1330,7 +1330,7 @@ static int megasas_dcmd_set_properties(M
                                             dcmd_size);
         return MFI_STAT_INVALID_PARAMETER;
     }
-    dma_buf_write((uint8_t *)&info, cmd->iov_size, &cmd->qsg);
+    dma_buf_write((uint8_t *)&info, dcmd_size, &cmd->qsg);
     trace_megasas_dcmd_unsupported(cmd->index, cmd->iov_size);
     return MFI_STAT_OK;
 }

Places

File CVE-2016-5106-qemuu-scsi-megasas-out-of-bounds-write-while-setting-controller-properties.patch of Package xen.8005

Places