From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: "Prasad J Pandit" <pjp@fedoraproject.org>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
qemu-devel@nongnu.org, "Paolo Bonzini" <pbonzini@redhat.com>
Cc: "Gerd Hoffmann" <kraxel@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>
Subject: [Qemu-devel] [PATCH v2 0/9] ccid-card-passthru: check buffer size parameter
Date: Thu, 14 Feb 2019 21:19:30 +0100 [thread overview]
Message-ID: <20190214201939.494-1-philmd@redhat.com> (raw)
Hi,
This is the v2 of Prasad J Pandit first version [*], with Paolo's
review comment addressed.
This is a quick fix for CVE-2018-18438: "Integer overflow in
ccid_card_vscard_read() allows memory corruption".
Please review,
Phil.
[*] https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02200.html
Philippe Mathieu-Daudé (9):
ccid-card-passthru: Move assertion in read() to can_read()
ccid-card-passthru: Replace never trigger if statement by an assertion
ccid-card-passthru: Assert on a stricter expression
ccid-card-passthru: Let the chardev::read() be more generic
ccid-card-passthru: Replace assert() by QEMU_BUILD_BUG_ON()
ccid-card-passthru: Simplify the if() condition
ccid-card-passthru: Use QERR_MISSING_PARAMETER
ccid-card-passthru: Use size_t to hold size argument
ccid-card-passthru: Use size_t for index
hw/usb/ccid-card-passthru.c | 73 +++++++++++++++++--------------------
1 file changed, 34 insertions(+), 39 deletions(-)
--
2.20.1
next reply other threads:[~2019-02-14 20:20 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-14 20:19 Philippe Mathieu-Daudé [this message]
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 1/9] ccid-card-passthru: Move assertion in read() to can_read() Philippe Mathieu-Daudé
2019-02-14 21:18 ` Eric Blake
2019-02-15 8:44 ` Wei Yang
2019-02-15 11:02 ` Marc-André Lureau
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 2/9] ccid-card-passthru: Replace never trigger if statement by an assertion Philippe Mathieu-Daudé
2019-02-15 10:59 ` Marc-André Lureau
2019-02-18 22:10 ` Philippe Mathieu-Daudé
2019-02-21 11:04 ` P J P
2019-02-21 11:09 ` Marc-André Lureau
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 3/9] ccid-card-passthru: Assert on a stricter expression Philippe Mathieu-Daudé
2019-02-15 8:47 ` Wei Yang
2019-02-15 11:15 ` Marc-André Lureau
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 4/9] ccid-card-passthru: Let the chardev::read() be more generic Philippe Mathieu-Daudé
2019-02-15 11:43 ` Marc-André Lureau
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 5/9] ccid-card-passthru: Replace assert() by QEMU_BUILD_BUG_ON() Philippe Mathieu-Daudé
2019-02-15 11:44 ` Marc-André Lureau
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 6/9] ccid-card-passthru: Simplify the if() condition Philippe Mathieu-Daudé
2019-02-15 11:49 ` Marc-André Lureau
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 7/9] ccid-card-passthru: Use QERR_MISSING_PARAMETER Philippe Mathieu-Daudé
2019-02-14 21:22 ` Eric Blake
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 8/9] ccid-card-passthru: Use size_t to hold size argument Philippe Mathieu-Daudé
2019-02-15 11:51 ` Marc-André Lureau
2019-02-14 20:19 ` [Qemu-devel] [PATCH v2 9/9] ccid-card-passthru: Use size_t for index Philippe Mathieu-Daudé
2019-02-15 11:52 ` Marc-André Lureau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190214201939.494-1-philmd@redhat.com \
--to=philmd@redhat.com \
--cc=kraxel@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pjp@fedoraproject.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).