packages/qemu - qemu - OEPKGS Git Repository for openEuler 20.03 LTS SP4 Template

packages/qemu

Fork 0

Commit Graph

Author	SHA1	Message	Date
lijiajie	22b067020e	hw/usb/core.c fix buffer overflow in do_token_setup() function Store calculated setup_len in a local variable, verify it, and only write it to the struct(USBDevice->setup_len)in case it passed the sanity checks. This prevent other code (do_token_{in,out}function specifically) from working with invalid USBDevice->setup_len values and overruning the USBDevice->setup_buf[] buffer. Fixes: CVE-2020-14364	2020-08-27 20:34:42 +08:00

Author

SHA1

Message

Date

lijiajie

22b067020e

hw/usb/core.c fix buffer overflow in do_token_setup() function

Store calculated setup_len in a local variable, verify it, and only
write it to the struct(USBDevice->setup_len)in case it passed the
sanity checks.

This prevent other code (do_token_{in,out}function specifically)
from working with invalid USBDevice->setup_len values and overruning
the USBDevice->setup_buf[] buffer.

Fixes: CVE-2020-14364

2020-08-27 20:34:42 +08:00

1 Commits