motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-04 08:13:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

hw/block/nvme: fix out-of-bounds read in nvme_subsys_ctrl

Browse source 
nvme_subsys_ctrl() is used in contexts where the given controller
identifier is from an untrusted source. Like its friends nvme_ns() and
nvme_subsys_ns(), nvme_subsys_ctrl() should just return NULL if an
invalid identifier is given.

Fixes: 645ce1a70c ("hw/block/nvme: support namespace attachment command")
Cc: Minwoo Im <minwoo.im.dev@gmail.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im.dev@gmail.com>
This commit is contained in:
Klaus Jensen 2021-04-07 07:16:14 +02:00
parent ec20329748
commit 7645f21f40
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hw/block/nvme-subsys.h
View file

@ -36,7 +36,7 @@ int nvme_subsys_register_ctrl(NvmeCtrl *n, Error **errp);
static inline NvmeCtrl *nvme_subsys_ctrl(NvmeSubsystem *subsys,
uint32_t cntlid)
{
if (!subsys) {
if (!subsys || cntlid >= NVME_SUBSYS_MAX_CTRLS) {
return NULL;
}