qemu/hw/usb
Hongren Zheng 664280abdd hw/usb/canokey: Fix buffer overflow for OUT packet
When USBPacket in OUT direction has larger payload
than the ep_out_buffer (of size 512), a buffer overflow
would occur.

It could be fixed by limiting the size of usb_packet_copy
to be at most buffer size. Further optimization gets rid
of the ep_out_buffer and directly uses ep_out as the target
buffer.

This is reported by a security researcher who artificially
constructed an OUT packet of size 2047. The report has gone
through the QEMU security process, and as this device is for
testing purposes and no deployment of it in a virtualization
environment is observed, it is triaged not to be a security bug.

Cc: qemu-stable@nongnu.org
Fixes: d7d3491855 ("hw/usb: Add CanoKey Implementation")
Reported-by: Juan Jose Lopez Jaimez <thatjiaozi@gmail.com>
Signed-off-by: Hongren Zheng <i@zenithal.me>
Message-id: Z4TfMOrZz6IQYl_h@Sun
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2025-01-28 18:40:19 +00:00
bus-stub.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
bus.c hw/usb: Inline usb_new() 2025-01-13 17:07:00 +01:00
canokey.c hw/usb/canokey: Fix buffer overflow for OUT packet 2025-01-28 18:40:19 +00:00
canokey.h hw/usb/canokey: Fix buffer overflow for OUT packet 2025-01-28 18:40:19 +00:00
ccid-card-emulated.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
ccid-card-passthru.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
ccid.h Use OBJECT_DECLARE_TYPE when possible 2020-09-18 14:12:32 -04:00
chipidea.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
combined-packet.c usb: limit combined packets to 1 MiB (CVE-2021-3527) 2021-05-05 15:06:01 +02:00
core.c usb: add pcap support. 2021-01-22 14:51:35 +01:00
desc-msos.c hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
desc.c hw/usb: Silence compiler warnings in USB code when compiling with -Wshadow 2023-10-06 13:27:48 +02:00
desc.h usb: allow max 8192 bytes for desc 2022-01-13 10:22:37 +01:00
dev-audio.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
dev-hid.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
dev-hub.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
dev-mtp.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
dev-network.c Accel & Exec patch queue 2024-12-21 11:07:00 -05:00
dev-serial.c hw/usb: Inline usb_new() 2025-01-13 17:07:00 +01:00
dev-smartcard-reader.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
dev-storage-bot.c Don't include headers already included by qemu/osdep.h 2023-02-08 07:28:05 +01:00
dev-storage-classic.c Accel & Exec patch queue 2024-12-21 11:07:00 -05:00
dev-storage.c hw/usb/msd: Add status to usb_msd_packet_complete() function 2024-12-14 00:16:20 +01:00
dev-uas.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
dev-wacom.c hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
hcd-dwc2.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
hcd-dwc2.h include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
hcd-dwc3.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
hcd-ehci-pci.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
hcd-ehci-sysbus.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
hcd-ehci.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
hcd-ehci.h include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
hcd-ohci-pci.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
hcd-ohci-sysbus.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
hcd-ohci.c hw/usb/hcd-ohci: Fix ohci_service_td: accept zero-length TDs where CBP=BE+1 2024-06-21 16:20:45 +01:00
hcd-ohci.h include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
hcd-uhci.c hw/usb/uhci: Introduce and use register defines 2024-12-31 21:21:34 +01:00
hcd-uhci.h hw/usb/uhci: Rename NB_PORTS -> UHCI_PORTS 2024-02-20 20:34:21 +03:00
hcd-xhci-nec.c hw/usb/hcd-xhci-pci: Move msi/msix properties from NEC to superclass 2024-12-31 21:21:34 +01:00
hcd-xhci-pci.c hw/usb/hcd-xhci-pci: Use modulo to select MSI vector as per spec 2025-01-13 17:21:46 +01:00
hcd-xhci-pci.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
hcd-xhci-sysbus.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
hcd-xhci-sysbus.h usb/xhci: add include/hw/usb/xhci.h header file 2020-10-21 11:36:19 +02:00
hcd-xhci.c hw/usb/hcd-xhci-pci: Use event ring 0 if mapping unsupported 2025-01-13 17:21:46 +01:00
hcd-xhci.h include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
host-libusb.c Accel & Exec patch queue 2024-12-21 11:07:00 -05:00
imx-usb-phy.c hw: Use device_class_set_legacy_reset() instead of opencoding 2024-09-13 15:31:44 +01:00
Kconfig hw/usb: Remove MUSB USB host controller 2024-10-01 14:43:02 +01:00
libhw.c include: Rename sysemu/ -> system/ 2024-12-20 17:44:56 +01:00
meson.build hw/usb: Remove MUSB USB host controller 2024-10-01 14:43:02 +01:00
pcap.c usb/pcap: set flag_setup 2021-02-17 14:29:12 +01:00
quirks-ftdi-ids.h hw/usb: Fix typo in comments and print 2021-09-01 06:37:13 +02:00
quirks-pl2303-ids.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
quirks.c hw/usb/quirks: Use smaller types to reduce .rodata by 10KiB 2020-03-16 23:02:25 +01:00
quirks.h hw/usb: spelling fixes 2023-08-31 19:47:43 +02:00
redirect.c Accel & Exec patch queue 2024-12-21 11:07:00 -05:00
trace-events hw/usb/hcd-ohci: Fix ohci_service_td: accept zero-length TDs where CBP=BE+1 2024-06-21 16:20:45 +01:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
u2f-emulated.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
u2f-passthru.c include/hw/qdev-properties: Remove DEFINE_PROP_END_OF_LIST 2024-12-19 19:36:37 +01:00
u2f.c hw/usb: Constify VMState 2023-12-30 07:38:06 +11:00
u2f.h hw/usb/u2f: Declare QOM macros using OBJECT_DECLARE_TYPE() 2023-02-27 22:29:02 +01:00
vt82c686-uhci-pci.c hw/usb/vt82c686-uhci-pci: Use ISA instead of PCI interrupts 2023-11-28 14:26:37 +01:00
xen-usb.c hw/xen: Make XenDevOps structures const 2024-06-04 11:53:43 +02:00
xlnx-usb-subsystem.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
xlnx-versal-usb2-ctrl-regs.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00