git.ipfire.org Git - thirdparty/qemu.git/commit

author	Prasad J Pandit <pjp@fedoraproject.org>
	Sun, 13 Jan 2019 17:59:48 +0000 (23:29 +0530)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Tue, 2 Apr 2019 18:16:34 +0000 (13:16 -0500)
commit	345fab6ffe57b0bf6dccbc0844f45f77b91d9de0
tree	a8cbcfe7568ac73539aec44b2bd3bee437dd2144	tree \| snapshot
parent	bd6dd4eaa6f7fe0c4d797d4e59803d295313b7a7	commit \| diff

slirp: check data length while emulating ident function

While emulating identification protocol, tcp_emu() does not check
available space in the 'sc_rcv->sb_data' buffer. It could lead to
heap buffer overflow issue. Add check to avoid it.

Reported-by: Kira <864786842@qq.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(cherry picked from commit a7104eda7dab99d0cdbd3595c211864cba415905)
*CVE-2019-6778
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>