From: P J P
Date: Wed, 17 Feb 2016 00:23:39 +0530
Message-Id: <1455648821-17340-1-git-send-email-ppandit@redhat.com>
Subject: [Qemu-devel] [PATCH 0/2] usb: check RNDIS offsets & length
To: Qemu Developers
Cc: Qinghao Tang, Gerd Hoffmann, Prasad J Pandit

From: Prasad J Pandit

Hello,

When processing remote NDIS control message packets, the USB Net device
emulator uses a fixed length (4096) data buffer. The incoming packet
length could exceed that OR informationBufferOffset & Length combination
could overflow and cross that range.

These two patches add checks to avoid such overflows.

Thank you.
---
Prasad J Pandit (2):
  usb: check RNDIS message length
  usb: check RNDIS buffer offsets & length

 hw/usb/core.c        | 18 +++++++++---------
 hw/usb/dev-network.c |  9 ++++++---
 2 files changed, 15 insertions(+), 12 deletions(-)

--
2.5.0
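The two classes of check the cover letter describes (packet length against the fixed 4096-byte buffer, and an offset/length pair that must not wrap past the message) in a stand-alone form. This is an added example written for this page, not code from the patches or from QEMU's hw/usb/dev-network.c; the message layout, the function names, and the 12-byte header are constructed for illustration and do not match the real RNDIS header. The naive check is shown beside the safe one so the 32-bit wraparound the letter refers to is visible.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed to match the fixed-size buffer the cover letter describes. */
#define RNDIS_BUF_SIZE 4096

/* Hypothetical control-message layout used only by this example (the real
 * RNDIS header differs; field names are borrowed from the cover letter):
 *   [0..3]  MessageLength            (whole message, header included)
 *   [4..7]  InformationBufferOffset  (from start of message, in this layout)
 *   [8..11] InformationBufferLength
 *   [12..]  payload                                                        */
#define RNDIS_HDR_SIZE 12

enum rndis_status { RNDIS_OK = 0, RNDIS_BAD_MSG_LEN = 1, RNDIS_BAD_INFO_RANGE = 2 };

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The pattern the cover letter warns about: off + len is computed in 32 bits,
 * so a huge offset plus a small length wraps and the comparison passes even
 * though the range lies entirely outside the message. */
bool naive_range_ok(uint32_t msg_len, uint32_t off, uint32_t len)
{
    return off + len <= msg_len;
}

/* Overflow-safe form: never form the sum. Both fields are guest-controlled,
 * so the subtraction is only done once off is known to be within msg_len. */
bool safe_range_ok(uint32_t msg_len, uint32_t off, uint32_t len)
{
    if (off > msg_len) {
        return false;
    }
    return len <= msg_len - off;
}

/* Validate a packet before copying it into the fixed buffer:
 *  1. the received packet must fit the buffer,
 *  2. MessageLength must be consistent with what was actually received,
 *  3. the information-buffer range must lie inside the message.           */
int validate_control_message(const uint8_t *pkt, size_t pkt_len,
                             uint8_t *buf, size_t buf_size)
{
    if (pkt_len < RNDIS_HDR_SIZE || pkt_len > buf_size) {
        return RNDIS_BAD_MSG_LEN;
    }
    uint32_t msg_len = get_le32(pkt);
    if (msg_len < RNDIS_HDR_SIZE || msg_len > pkt_len) {
        return RNDIS_BAD_MSG_LEN;
    }
    uint32_t off = get_le32(pkt + 4);
    uint32_t len = get_le32(pkt + 8);
    if (off < RNDIS_HDR_SIZE || !safe_range_ok(msg_len, off, len)) {
        return RNDIS_BAD_INFO_RANGE;
    }
    memcpy(buf, pkt, msg_len);   /* msg_len <= pkt_len <= buf_size */
    return RNDIS_OK;
}

/* Builds a constructed 64-byte message carrying the given offset/length
 * fields and runs it through the validator; returns the status code. */
int check_constructed(uint32_t off, uint32_t len)
{
    uint8_t pkt[64] = {0};
    uint8_t buf[RNDIS_BUF_SIZE];
    put_le32(pkt, sizeof pkt);
    put_le32(pkt + 4, off);
    put_le32(pkt + 8, len);
    return validate_control_message(pkt, sizeof pkt, buf, sizeof buf);
}

/* Builds a constructed zero-filled packet of pkt_len bytes with an empty
 * information buffer, to exercise the size check against the fixed buffer. */
int check_oversized(size_t pkt_len)
{
    static uint8_t pkt[2 * RNDIS_BUF_SIZE];
    uint8_t buf[RNDIS_BUF_SIZE];
    if (pkt_len > sizeof pkt) {
        return -1;
    }
    memset(pkt, 0, sizeof pkt);
    put_le32(pkt, (uint32_t)pkt_len);
    put_le32(pkt + 4, RNDIS_HDR_SIZE);
    put_le32(pkt + 8, 0);
    return validate_control_message(pkt, pkt_len, buf, sizeof buf);
}

int main(void)
{
    printf("naive off=0xFFFFFFF0 len=0x20: %s\n",
           naive_range_ok(64, 0xFFFFFFF0u, 0x20u) ? "accepted" : "rejected");
    printf("safe  off=0xFFFFFFF0 len=0x20: %s\n",
           safe_range_ok(64, 0xFFFFFFF0u, 0x20u) ? "accepted" : "rejected");
    printf("validate off=12 len=52: %d\n", check_constructed(12, 52));
    printf("validate off=12 len=53: %d\n", check_constructed(12, 53));
    printf("validate 4097-byte packet: %d\n", check_oversized(4097));
    return 0;
}
```

The subtraction form `len <= msg_len - off` is the idiom to reach for whenever both operands come from the guest: it is exact for any values, needs no wider integer type, and makes the ordering of the two checks (bound the offset first, then the length) explicit in the code.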