[Qemu-devel] [PATCH v2 0/9] ccid-card-passthru: check buffer size parameter

Philippe Mathieu-Daudé posted 9 patches 6 years, 8 months ago
Test docker-clang@ubuntu failed
Test asan failed
Test docker-mingw@fedora passed
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20190214201939.494-1-philmd@redhat.com
Maintainers: Gerd Hoffmann <kraxel@redhat.com>
hw/usb/ccid-card-passthru.c | 73 +++++++++++++++++--------------------
1 file changed, 34 insertions(+), 39 deletions(-)
Posted by Philippe Mathieu-Daudé 6 years, 8 months ago
Hi,

This is the v2 of Prasad J Pandit's first version [*], with Paolo's
review comment addressed.
This is a quick fix for CVE-2018-18438: "Integer overflow in
ccid_card_vscard_read() allows memory corruption".

Please review,

Phil.

[*] https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02200.html

Philippe Mathieu-Daudé (9):
  ccid-card-passthru: Move assertion in read() to can_read()
  ccid-card-passthru: Replace never trigger if statement by an assertion
  ccid-card-passthru: Assert on a stricter expression
  ccid-card-passthru: Let the chardev::read() be more generic
  ccid-card-passthru: Replace assert() by QEMU_BUILD_BUG_ON()
  ccid-card-passthru: Simplify the if() condition
  ccid-card-passthru: Use QERR_MISSING_PARAMETER
  ccid-card-passthru: Use size_t to hold size argument
  ccid-card-passthru: Use size_t for index

 hw/usb/ccid-card-passthru.c | 73 +++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 39 deletions(-)

-- 
2.20.1