From: Gerd Hoffmann
Date: Mon, 15 Feb 2016 10:41:55 +0100
Message-ID: <1455529315.7504.13.camel@redhat.com>
References: <1454669651-29411-1-git-send-email-ppandit@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] usb: check RNDIS buffer offsets & length
To: P J P
Cc: Qinghao Tang, Qemu Developers

On Mo, 2016-02-15 at 09:56 +0530, P J P wrote:
> +-- On Tue, 9 Feb 2016, P J P wrote --+
> | +-- On Fri, 5 Feb 2016, P J P wrote --+
> | | From: Prasad J Pandit
> | |
> | | When processing remote NDIS control message packets, the USB Net
> | | device emulator uses a fixed length(4096) data buffer. The incoming
> | | informationBufferOffset & Length combination could cross that range.
> | | Check control message buffer offsets and length to avoid it.
> | |
> | | Reported-by: Qinghao Tang
> |
> | ...ping!
>
> Ping...Gerd?

Was offline for a week, will look soonish (have an email backlog to
process now ...)

cheers,
  Gerd
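
The kind of range check the quoted commit message describes, as an added example that is not part of this thread and is not QEMU's code. Function names are hypothetical; field positions assume the RNDIS query message layout, where InformationBufferOffset is counted from the RequestId field at byte 8.

```c
#include <stddef.h>
#include <stdint.h>

#define CTRL_BUF_SIZE 4096u /* fixed control buffer size from the commit message */
#define OFFSET_BASE   8u    /* InformationBufferOffset is relative to RequestId (byte 8) */
#define QUERY_HDR_LEN 28u   /* seven 32-bit fields in an RNDIS query message */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Naive check, shown for contrast: the 32-bit sum can wrap past zero. */
int naive_in_bounds(uint32_t msg_len, uint32_t off, uint32_t len)
{
    return off + OFFSET_BASE + len <= msg_len;
}

/* Wrap-safe check: each comparison is against a difference already known
 * not to underflow, so no sum of guest-supplied values is ever formed. */
int safe_in_bounds(uint32_t msg_len, uint32_t off, uint32_t len)
{
    if (msg_len > CTRL_BUF_SIZE || msg_len < OFFSET_BASE || off > msg_len - OFFSET_BASE)
        return 0;
    return len <= msg_len - OFFSET_BASE - off;
}

/* Hypothetical helper: pointer to the information buffer inside a query
 * message of msg_len bytes, or NULL if the guest-supplied fields leave it. */
const uint8_t *query_info_buffer(const uint8_t *msg, uint32_t msg_len, uint32_t *out_len)
{
    if (msg_len < QUERY_HDR_LEN)
        return NULL;
    uint32_t len = rd_le32(msg + 16); /* InformationBufferLength */
    uint32_t off = rd_le32(msg + 20); /* InformationBufferOffset */
    if (!safe_in_bounds(msg_len, off, len))
        return NULL;
    *out_len = len;
    return msg + OFFSET_BASE + off;
}

/* Constructed sample: 64-byte query whose offset 0xFFFFFFF8 wraps the naive sum. */
int wrapped_offset_rejected(void)
{
    uint8_t msg[64] = {0};
    uint32_t n = 0;
    msg[16] = 16; msg[20] = 0xF8; msg[21] = msg[22] = msg[23] = 0xFF;
    return query_info_buffer(msg, 64, &n) == NULL;
}
```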