qemu/contrib
Yuval Shaia ade0075523 contrib/rdmacm-mux: Fix out-of-bounds risk
The function get_fd extract context from the received MAD message and
uses it as a key to fetch the destination fd from the mapping table.
A context can be dgid in case of CM request message or comm_id in case
of CM SIDR response message.

When MAD message with a smaller size as expected for the message type
received we are hitting out-of-bounds where we are looking for the
context out of message boundaries.

Fix it by validating the message size.

Reported-by Sam Smith <sam.j.smith@oracle.com>
Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com>
Message-Id: <20190212112347.1605-1-yuval.shaia@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
2019-03-16 15:45:12 +02:00
..
elf2dmp contrib/elf2dmp: add kernel start address checking 2019-03-11 16:33:49 +01:00
gitdm contrib: gitdm: add a mapping for Janus Technologies 2019-03-12 19:31:29 +00:00
ivshmem-client qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
ivshmem-server qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
libvhost-user libvhost-user: Support tracking inflight I/O in shared memory 2019-03-12 22:31:21 -04:00
rdmacm-mux contrib/rdmacm-mux: Fix out-of-bounds risk 2019-03-16 15:45:12 +02:00
systemd contrib: add systemd unit files 2017-12-20 22:29:26 +01:00
vhost-user-blk vhost-user-blk: add discard/write zeroes features support 2019-02-05 10:58:33 -05:00
vhost-user-scsi Clean up includes 2018-12-20 10:29:08 +01:00