qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH v3 0/4] ivshmem security fixes

From: Andreas Färber
Subject: [Qemu-devel] [PATCH v3 0/4] ivshmem security fixes
Date: Mon, 15 Sep 2014 18:40:04 +0200 
Hello,

This series tightens security on incoming data for ivshmem, originally sparked
by SUSE's security team (Sebastian Krahmer). I've combined them and tackled
remaining review feedback.

Regards,
Andreas

Changes from Sebastian's #2:
* Rebased onto Stefan's patches
* Dropped g_realloc() check (Stefan)
* Fixed fd leak and appended a patch fixing another one (Stefan)
* Simplified comment (Stefan)

Changes from Stefan's series:
* Modified to handle partial reads (Peter/Gerd)
* Changed check from > to >= (Peter)

Cc: Cam Macdonell <address@hidden>
Cc: Stefan Hajnoczi <address@hidden>
Cc: Michael S. Tsirkin <address@hidden>
Cc: Sebastian Krahmer <address@hidden>
Cc: Peter Maydell <address@hidden>
Cc: Gerd Hoffmann <address@hidden>
Cc: David Marchand <address@hidden>

Andreas Färber (1):
  ivshmem: Fix fd leak on error

Sebastian Krahmer (1):
  ivshmem: Fix potential OOB r/w access

Stefan Hajnoczi (2):
  ivshmem: Check ivshmem_read() size argument
  ivshmem: validate incoming_posn value from server

 hw/misc/ivshmem.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 60 insertions(+), 6 deletions(-)

-- 
1.8.4.5
reply via email to
[Prev in Thread] Current Thread [Next in Thread]