| commit | 885e8f984ea846e79a39ddc4f066f4dd3d04b264 | |
| author | Isaku Yamahata <yamahata@private.email.ne.jp> | |
| Fri, 9 Aug 2013 20:05:40 +0000 (9 16:05 -0400) | ||
| committer | Anthony Liguori <aliguori@us.ibm.com> | |
| Mon, 12 Aug 2013 14:31:15 +0000 (12 09:31 -0500) | ||
| tree | e4779c6c19f1b1e6c4bc42e8d903b323052c05cd | treesnapshot (tar.gz zip) |
| parent | 6dd2a5c98a6b1c9189d342bcc3493c9b5dd1217e | commitdiff |
rdma: use resp.len after validation in qemu_rdma_registration_stop
resp.len is given from remote host. So should be validated before use.
Otherwise memcpy can access beyond the buffer.
Cc: Michael R. Hines <mrhines@us.ibm.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Michael R. Hines <mrhines@us.ibm.com>
Signed-off-by: Isaku Yamahata <yamahata@private.email.ne.jp>
Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Message-id: 1376078746-24948-2-git-send-email-mrhines@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
resp.len is given from remote host. So should be validated before use.
Otherwise memcpy can access beyond the buffer.
Cc: Michael R. Hines <mrhines@us.ibm.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Michael R. Hines <mrhines@us.ibm.com>
Signed-off-by: Isaku Yamahata <yamahata@private.email.ne.jp>
Signed-off-by: Michael R. Hines <mrhines@us.ibm.com>
Message-id: 1376078746-24948-2-git-send-email-mrhines@linux.vnet.ibm.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| migration-rdma.c | diffblobblamehistory |