mirror of
https://github.com/qemu/qemu.git
synced 2024-11-23 19:03:38 +08:00
ade0075523
The function get_fd extracts context from the received MAD message and uses it as a key to fetch the destination fd from the mapping table. A context can be dgid in case of CM request message or comm_id in case of CM SIDR response message.

When a MAD message with a smaller size than expected for the message type is received, we are hitting out-of-bounds where we are looking for the context out of message boundaries.

Fix it by validating the message size.

Reported-by: Sam Smith <sam.j.smith@oracle.com>
Signed-off-by: Yuval Shaia <yuval.shaia@oracle.com>
Message-Id: <20190212112347.1605-1-yuval.shaia@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>

- elf2dmp
- gitdm
- ivshmem-client
- ivshmem-server
- libvhost-user
- rdmacm-mux
- systemd
- vhost-user-blk
- vhost-user-scsi