qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH for-2.0 18/47] curl: check data size before memc

From: Max Reitz
Subject: Re: [Qemu-devel] [PATCH for-2.0 18/47] curl: check data size before memcpy to local buffer. (CVE-2014-0144)
Date: Wed, 26 Mar 2014 21:29:36 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 
On 26.03.2014 13:05, Stefan Hajnoczi wrote:

From: Fam Zheng <address@hidden>

curl_read_cb is callback function for libcurl when data arrives. The
data size passed in here is not guaranteed to be within the range of
request we submitted, so we may overflow the guest IO buffer. Check the
real size we have before memcpy to buffer to avoid overflow.

Signed-off-by: Fam Zheng <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
  block/curl.c | 5 +++++
  1 file changed, 5 insertions(+)


Reviewed-by: Max Reitz <address@hidden>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]