Re: [Qemu-devel] [PATCH] i2c-ddc: fix oob read

On 08.01.19 11:23, Gerd Hoffmann wrote: > Suggested-by: Michael Hanselmann > Signed-off-by: Gerd Hoffmann Looks good to me. Reviewed-by: Michael Hanselmann signature.asc Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] smbus_eeprom: Limit data writes to 255 bytes

Hi Paolo On 28.12.18 14:52, Paolo Bonzini wrote: > On 27/12/18 12:51, Michael Hanselmann wrote: >> The "eeprom_write_data" function in "smbus_eeprom.c" had no provisions >> to limit the length of data written. If a caller were able to manipulate >> the &qu

Re: [Qemu-devel] [PATCH] smbus_eeprom: Limit data writes to 255 bytes

Hi Philippe On 27.12.18 20:03, Philippe Mathieu-Daudé wrote: > On Thu, Dec 27, 2018 at 12:53 PM Michael Hanselmann wrote: > The "eeprom_write_data" function in "smbus_eeprom.c" had no provisions > to limit the length of data written. If a caller were able to mani

[Qemu-devel] [PATCH] smbus_eeprom: Limit data writes to 255 bytes

The "eeprom_write_data" function in "smbus_eeprom.c" had no provisions to limit the length of data written. If a caller were able to manipulate the "len" parameter they could potentially write before or after the target buffer. --- hw/i2c/smbus_eeprom.c | 1 + 1 file changed, 1 insertion(+) diff

[Qemu-devel] [PATCH] usb-mtp: Limit filename to object information size

the opportunity to not assign the filename member twice. Signed-off-by: Michael Hanselmann --- hw/usb/dev-mtp.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 100b7171f4..360ca65ee4 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c

Re: [Qemu-devel] [PATCH] usb-mtp: use O_NOFOLLOW and O_CLOEXEC.

ct of this bug is rather low when qemu is managed by > libvirt due to qemu running sandboxed, so there isn't much you can gain > access to that way. > > Fixes: CVE-2018-pjp-please-get-one > Cc: Prasad J Pandit > Cc: Bandan Das > Reported-by: Michael Hanselmann > Signe

Re: [Qemu-devel] [PATCH] i2c: pm_smbus: check smb_index before block transfer write

On 06.12.18 09:48, P J P wrote: > While performing block transfer write in smb_ioport_writeb(), > 'smb_index' is incremented and used to index smb_data[] array. > Check 'smb_index' value to avoid OOB access. > > Reported-by: Michael Hanselmann Considering that Li Qiang had alread

Re: [Qemu-devel] [PATCH] i2c: pm_smbus: check smb_index before block transfer write

On 06.12.18 09:48, P J P wrote: > Reported-by: Michael Hanselmann > Signed-off-by: Prasad J Pandit Reviewed-by: Michael Hanselmann Best regards, Michael

Re: [Qemu-devel] [PATCH for-3.1 2/2] usb-mtp: outlaw slashes in filenames

mes. >>>> Note this also stops the classic escape via "../". >>>> >>>> Fixes: CVE-2018-16867 >>>> Reported-by: Michael Hanselmann (hansmi.ch) >>> >>> It's common for scripts to match '', can you write this one as >>> Mic

Re: [Qemu-devel] [PATCH] Update i440FX/PIIX3 emulation

Hi Avi On Wed, Oct 31, 2007 at 03:17:04PM +0200, Avi Kivity wrote: --- bios/acpi-dsdt.dsl 28 Sep 2006 18:56:20 - 1.1 +++ bios/acpi-dsdt.dsl 30 Oct 2007 23:52:22 - @@ -369,7 +369,7 @@ DefinitionBlock ( Method (_STA, 0, NotSerialized)

Re: [Qemu-devel] [PATCH] Update i440FX/PIIX3 emulation

On Thu, Oct 25, 2007 at 12:42:22AM +0200, Michael Hanselmann wrote: The patch below updates the i440FX/PIIX3 emulation. It does: I never got any reaction to that patch. Is it still awaiting review? This does not yet remove the workaround introduced by Igor Lvovsky's patch. However, I'm

[Qemu-devel] [PATCH] Update i440FX/PIIX3 emulation

the specs Signed-off-by: Michael Hanselmann [EMAIL PROTECTED] --- This does not yet remove the workaround introduced by Igor Lvovsky's patch. However, I'm working on that since it, despite my earlier mail, seems to help with my ACPI shutdown problem. Greets, Michael Index: hw/piix_pci.c

Re: [Qemu-devel] qemu/hw piix_pci.c

On Mon, Oct 22, 2007 at 12:52:30AM -0700, Igor Lvovsky wrote: My last patch can be temporary workaround and now we can get the ACPI interrupts without disrupt anything else, but I'll try to find full solution for this issue. Interestingly, Linux doesn't receive any interrupts from ACPI, too.

Re: [Qemu-devel] What is the best way to control qemu on a remote box?

On Fri, Jul 27, 2007 at 09:22:08AM -0700, n schembr wrote: Is system_powerdown a better way to stop the host? Is system_powerdown a soft operation like the atx powersupply? It did not work with a smoothwall guest. It would, but is not implemented for x86. I've been working on it using ACPI,

Re: [Qemu-devel] [PATCH] Implement ACPI specs 3.0, 4.7.2.5

On Tue, Jun 26, 2007 at 10:32:23PM +0200, Michael Hanselmann wrote: The patch below implements ACPI_ENABLE and ACPI_DISABLE as described in section 4.7.2.5 of the ACPI 3.0 specs. Has this patch been ignored by accident or is there something wrong with it? Thanks, Michael -- http://hansmi.ch/

[Qemu-devel] Problem with triggering interrupts

Hello I'm trying to implement the “system_powerdown” command for i386/x86_64. After way too much time, I've now to hope for someone else being able to help me, I just don't get it anymore. Due to the available infrastructure, I decided to use an ACPI power button event. You can find my current

[Qemu-devel] [PATCH] Implement ACPI specs 3.0, 4.7.2.5

The patch below implements ACPI_ENABLE and ACPI_DISABLE as described in section 4.7.2.5 of the ACPI 3.0 specs. Signed-off-by: Michael Hanselmann [EMAIL PROTECTED] Greets, Michael --- Index: hw/acpi.c === RCS file: /sources/qemu

[Qemu-devel] [PATCH] Implement ^W in readline.c

Hello The patch below implements ^W (Ctrl+W) in readline.c, allowing it to be used in the monitor. Signed-off-by: Michael Hanselmann [EMAIL PROTECTED] Greets, Michael --- Index: readline.c === RCS file: /sources/qemu/qemu