scsi: lsi: exit infinite loop while executing script (CVE-2019-12068) - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Paolo Bonzini <pbonzini@redhat.com>	2019-08-14 17:35:21 +0530
committer	Paolo Bonzini <pbonzini@redhat.com>	2019-08-20 20:00:52 +0200
commit	de594e47659029316bbf9391efb79da0a1a08e08 (patch)
tree	22f8f2a895bcf13ac6b57d574b48a44344bfa99b /hw/intc/xive.c
parent	a060297822ea6b4194bf36654e58c802448a3eea (diff)
download	focaccia-qemu-de594e47659029316bbf9391efb79da0a1a08e08.tar.gz focaccia-qemu-de594e47659029316bbf9391efb79da0a1a08e08.zip

scsi: lsi: exit infinite loop while executing script (CVE-2019-12068)

When executing script in lsi_execute_script(), the LSI scsi adapter
emulator advances 's->dsp' index to read next opcode. This can lead
to an infinite loop if the next opcode is empty. Move the existing
loop exit after 10k iterations so that it covers no-op opcodes as
well.

Reported-by: Bugs SysSec <bugs-syssec@rub.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'hw/intc/xive.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: