dfaggioli/qemu: Mirror of https://github.com/openSUSE/qemu - qemu

Go to file

Petr Matousek 6d9a092479 slirp: udp: fix NULL pointer dereference because of uninitialized socket

When guest sends udp packet with source port and source addr 0,
uninitialized socket is picked up when looking for matching and already
created udp sockets, and later passed to sosendto() where NULL pointer
dereference is hit during so->slirp->vnetwork_mask.s_addr access.

Fix this by checking that the socket is not just a socket stub.

This is CVE-2014-3640.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reported-by: Xavier Mehrenberger <xavier.mehrenberger@airbus.com>
Reported-by: Stephane Duverger <stephane.duverger@eads.net>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 20140918063537.GX9321@dhcp-25-225.brq.redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 01f7cecf00)
[AF: BNC#897654]
Signed-off-by: Andreas Färber <afaerber@suse.de>

2015-02-05 08:18:48 -07:00

audio

audio: Replace non-portable asprintf in debug code by g_strdup_printf

2013-01-16 12:03:26 -06:00

backends

rng-random: Use qemu_open / qemu_close

2013-06-12 16:23:07 +02:00

block

qcow1: Validate image size (CVE-2014-0223)

2015-02-05 08:18:47 -07:00

bsd-user

linux-user: bsd-user: Don't reset X86CPU twice

2013-02-01 01:35:43 +01:00

default-configs

Add TEWS TPCI200 IndustryPack emulation

2013-01-14 13:26:12 -06:00

disas

build: remove universal-obj-y

2013-01-26 13:15:35 +00:00

docs

savevm: Ignore minimum_version_id_old if there is no load_state_old

2015-02-05 08:18:46 -07:00

fpu

softfloat: Handle float_muladd_negate_c when product is zero

2013-01-26 13:22:09 +00:00

fsdev

Legacy Patch kvm-qemu-provide-__u64-for-broken-sys-capability-h.patch

2013-06-12 16:23:05 +02:00

gdb-xml

gdb-xml: fix hacks in powerpc register numbering

2009-07-12 23:42:05 +02:00

usb: fix up post load checks

2015-02-05 08:18:48 -07:00

include

vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/

2015-02-05 08:18:46 -07:00

ldscripts

build: create ldscripts/

2012-12-19 08:29:06 +01:00

libcacard

libcacard: Fix unchecked strdup() by converting to g_strdup()

2013-01-30 11:14:46 +01:00

linux-headers

Update Linux kernel headers

2013-01-18 19:06:57 +01:00

linux-user

linux-user/syscall.c: Don't warn about unimplemented get_robust_list

2013-04-02 16:28:53 -05:00

net

Legacy Patch kvm-qemu-preXX-report-default-mac-used.patch

2013-06-12 16:23:06 +02:00

pc-bios

s390-ccw.img: Fix sporadic errors with ccw boot image - initialize css

2015-02-05 08:18:38 -07:00

pixman @ 97336fad32

qapi: move include files to include/qobject/

2012-12-19 08:31:31 +01:00

qapi

qapi: Fix unchecked strdup() by converting to g_strdup()

2013-01-30 11:14:46 +01:00

qga

qga: unlink just created guest-file if fchmod() or fdopen() fails on it

2013-05-14 16:18:25 -05:00

QMP

qmp: add pull_event function

2012-10-24 10:26:22 +02:00

qobject

build: move qobject files to qobject/ and libqemuutil.a

2013-01-12 18:42:50 +01:00

qom

qom: remove object_delete

2013-02-01 15:53:11 -06:00

roms

update seabios to 1.7.2.1

2013-04-02 16:34:06 -05:00

scripts

Merge remote-tracking branch 'qemu-kvm/uq/master' into staging

2013-01-29 16:57:41 -06:00

slirp

slirp: udp: fix NULL pointer dereference because of uninitialized socket

2015-02-05 08:18:48 -07:00

stubs

stubs: fully replace qemu-tool.c and qemu-user.c

2013-01-12 17:19:08 +01:00

sysconfigs/target

Legacy Patch kvm-qemu-enable-kvm-acceleration.patch

2013-06-12 16:23:05 +02:00

target-alpha

target-alpha: Catch attempt to instantiate abstract type in cpu_init()

2013-01-27 23:33:34 +01:00

target-arm

target-arm: Rename CPU types

2013-01-30 16:03:57 +00:00

target-cris

target-cris: Build fix for debug output

2013-02-04 16:12:57 +01:00

target-i386

x86 XSAVE: Reconstruct xsave cpuid leafs

2015-02-05 08:18:47 -07:00

target-lm32

cpu: Move cpu_index field to CPUState

2013-01-15 04:09:13 +01:00

target-m68k

target-m68k: Fix comment

2013-02-06 15:52:07 +01:00

target-microblaze

target-microblaze: Mark as unmigratable

2013-02-01 01:35:21 +01:00

target-mips

target-mips: Fix accumulator arguments to gen_helper_dmult(u)

2013-05-14 13:01:34 -05:00

target-openrisc

target-openrisc: Rename CPU subtypes

2013-02-01 01:35:43 +01:00

target-ppc

ppc: do not register IABR SPR twice for 603e

2013-05-20 16:30:36 -05:00

target-s390x

s390: Fix handling of iscs.

2013-02-13 11:56:02 -06:00

target-sh4

target-sh4: Mark as unmigratable

2013-02-01 01:35:22 +01:00

target-sparc

cpu: do not use object_delete

2013-02-01 15:53:11 -06:00

target-unicore32

target-unicore32: Rename CPU subtypes

2013-02-01 01:35:43 +01:00

target-xtensa

target-xtensa: Mark as unmigratable

2013-02-01 01:35:21 +01:00

tcg

Handle CPU interrupts by inline checking of a flag

2013-05-14 15:48:21 -05:00

tests

qcow1: Validate image size (CVE-2014-0223)

2015-02-05 08:18:47 -07:00

trace

trace: deal with deprecated glib thread functions

2013-02-12 16:26:44 -06:00

vnc: provide fake color map

2015-02-05 08:18:37 -07:00

util

Allow clock_gettime() monotonic clock to be utilized on more OS's

2013-04-06 16:38:15 -05:00

.exrc

qemu: add .exrc

2012-09-07 09:02:44 +03:00

.gitignore

S390: ccw firmware: Add Makefile

2015-02-05 08:18:37 -07:00

.gitmodules

pixman: add submodule

2012-11-01 13:10:06 +01:00

.mailmap

Add a .mailmap to map pre-git-conversion authors to friendly names

2011-12-12 17:06:21 -06:00

aio-posix.c

aio: Fix return value of aio_poll()

2013-01-17 10:51:42 +01:00

aio-win32.c

aio: Fix return value of aio_poll()

2013-01-17 10:51:42 +01:00

arch_init.c

Allow XBZRLE decoding without enabling the capability

2013-02-01 08:32:21 +01:00

async.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

balloon.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

block-migration.c

block-migration: fix pending() and iterate() return values

2013-02-12 16:26:44 -06:00

block.c

block: Limit request size (CVE-2014-0143)

2015-02-05 08:18:43 -07:00

blockdev-nbd.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

blockdev.c

s390: Default virtio-blk to ccw

2013-06-12 16:23:07 +02:00

blockjob.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

bt-host.c

softmmu: move remaining include files to include/ subdirectories

2012-12-19 08:32:46 +01:00

bt-vhci.c

softmmu: move remaining include files to include/ subdirectories

2012-12-19 08:32:46 +01:00

Changelog

fix some common typos

2012-05-14 07:27:24 +02:00

cmd.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

cmd.h

Delete useless 'extern' qualifiers for functions

2011-01-23 16:21:20 +00:00

CODING_STYLE

Replace Qemu by QEMU in internal documentation

2012-04-07 13:58:25 +00:00

configure

Legacy Patch kvm-qemu-avoid-redunant-declaration-error.patch

2013-06-12 16:23:05 +02:00

COPYING

COPYING: update from FSF

2008-10-12 17:54:42 +00:00

COPYING.LIB

Update FSF address in GPL/LGPL boilerplate

2009-01-04 22:05:52 +00:00

coroutine-gthread.c

block: move include files to include/block/

2012-12-19 08:31:31 +01:00

coroutine-sigaltstack.c

block: move include files to include/block/

2012-12-19 08:31:31 +01:00

coroutine-ucontext.c

gcc: rename CONFIG_PRAGMA_DISABLE_UNUSED_BUT_SET to CONFIG_PRAGMA_DIAGNOSTIC_AVAILABLE

2013-01-12 12:42:53 +00:00

coroutine-win32.c

block: move include files to include/block/

2012-12-19 08:31:31 +01:00

cpu-exec.c

Handle CPU interrupts by inline checking of a flag

2013-05-14 15:48:21 -05:00

cpus.c

kvm: Pass CPUState to kvm_on_sigbus_vcpu()

2013-01-28 16:57:56 +01:00

cputlb.c

exec: move include files to include/exec/

2012-12-19 08:31:31 +01:00

device_tree.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

disas.c

monitor: move include files to include/monitor/

2012-12-19 08:31:32 +01:00

dma-helpers.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

dump-stub.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

dump.c

exec: change RAM list to a TAILQ

2012-12-20 23:08:47 +01:00

exec.c

Legacy Patch kvm-qemu-madvise-DONTFORK-for-tight-memory-migration.patch

2013-06-12 16:23:04 +02:00

gdbstub.c

cpu: Move cpu_index field to CPUState

2013-01-15 04:09:13 +01:00

HACKING

HACKING: List areas where we may rely on impdef C behaviour

2012-12-08 14:27:40 +00:00

hmp-commands.hx

hmp: Disable chardev-add and chardev-remove

2013-02-06 16:35:43 -06:00

hmp.c

error: Strip trailing '\n' from error string arguments (again)

2013-02-11 08:13:19 -06:00

hmp.h

qemu-char: Saner naming of memchar stuff & doc fixes

2013-02-06 16:35:19 -06:00

iohandler.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

ioport.c

exec: move include files to include/exec/

2012-12-19 08:31:31 +01:00

kvm-all.c

KVM: Extend dynamic MSI route flush

2015-02-05 08:18:47 -07:00

kvm-stub.c

kvm: Pass CPUState to kvm_on_sigbus_vcpu()

2013-01-28 16:57:56 +01:00

LICENSE

LICENSE: There is no libqemu.a anymore

2011-12-09 11:25:22 +00:00

main-loop.c

Check return values from g_poll and select

2013-01-09 11:03:05 -06:00

MAINTAINERS

prep: Move PReP machine to hw/ppc/

2013-01-30 10:42:29 +01:00

Makefile

build: remove *.lo, *.a, *.la files from all subdirectories on make clean

2013-01-26 13:30:00 +00:00

Makefile.objs

configure: Don't fall back to gthread coroutine backend

2013-05-16 14:35:48 -05:00

Makefile.target

build: remove universal-obj-y

2013-01-26 13:15:35 +00:00

memory_mapping-stub.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

memory_mapping.c

exec: change RAM list to a TAILQ

2012-12-20 23:08:47 +01:00

memory.c

bitops: unify bitops_ffsl with the one in host-utils.h, call it bitops_ctzl

2013-02-02 20:16:00 +00:00

migration-exec.c

migration: make writes blocking

2012-12-20 23:09:25 +01:00

migration-fd.c

migration: make writes blocking

2012-12-20 23:09:25 +01:00

migration-tcp.c

oslib-posix: rename socket_set_nonblock() to qemu_set_nonblock()

2013-04-04 15:17:32 -05:00

migration-unix.c

oslib-posix: rename socket_set_nonblock() to qemu_set_nonblock()

2013-04-04 15:17:32 -05:00

migration.c

oslib-posix: rename socket_set_nonblock() to qemu_set_nonblock()

2013-04-04 15:17:32 -05:00

monitor.c

HMP: add sub command table to info

2013-01-17 10:24:52 -02:00

nbd.c

oslib-posix: rename socket_set_nonblock() to qemu_set_nonblock()

2013-04-04 15:17:32 -05:00

os-posix.c

Legacy Patch qemu-datadir.diff

2013-06-12 16:23:04 +02:00

os-win32.c

qemu-timer: move timeBeginPeriod/timeEndPeriod to os-win32

2013-05-16 17:22:34 -05:00

page_cache.c

page_cache: fix memory leak

2013-04-02 15:44:43 -05:00

qapi-schema-test.json

qapi: add struct-errors test case to test-qmp-output-visitor

2012-03-27 09:11:00 -03:00

qapi-schema.json

help: add docs for missing 'queues' option of tap

2013-04-05 13:57:17 -05:00

qdict-test-data.txt

Introduce QDict test data file

2009-09-04 09:37:34 -05:00

qemu-bridge-helper.c

qemu-bridge-helper: force usage of a very high MAC address for the bridge

2013-04-02 11:31:58 -05:00

qemu-char.c

Make char muxer more robust wrt small FIFOs

2013-06-12 16:23:06 +02:00

qemu-coroutine-io.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

qemu-coroutine-lock.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

qemu-coroutine-sleep.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

qemu-coroutine.c

block: move include files to include/block/

2012-12-19 08:31:31 +01:00

qemu-doc.texi

Documentation: Update image format information

2012-11-30 11:33:24 +01:00

qemu-img-cmds.hx

qemu-img: document 'info --backing-chain'

2012-10-24 10:26:19 +02:00

qemu-img.c

qemu-img: report size overflow error message

2013-01-02 16:08:56 +01:00

qemu-img.texi

Documentation: Update image format information

2012-11-30 11:33:24 +01:00

qemu-io.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

qemu-log.c

qemu-log: Plug trivial memory leak in cpu_set_log_filename()

2013-01-30 11:14:46 +01:00

qemu-nbd.c

Add -f FMT / --format FMT arg to qemu-nbd

2013-04-09 10:00:20 -05:00

qemu-nbd.texi

Add -f FMT / --format FMT arg to qemu-nbd

2013-04-09 10:00:20 -05:00

qemu-options-wrapper.h

vl.c: In qemu -h output, only print options for the arch we are running as

2011-12-19 10:27:33 -06:00

qemu-options.h

vl.c: Move option generation logic into a wrapper file

2011-12-19 10:27:33 -06:00

qemu-options.hx

TLS support for VNC Websockets

2013-07-25 15:42:10 +02:00

qemu-seccomp.c

Add syscalls to white list which allow sdl output

2013-06-12 16:23:07 +02:00

qemu-tech.texi

qemu-tech.texi: update implemented xtensa features list

2012-11-29 13:00:52 -06:00

qemu-timer.c

qemu-timer: move timeBeginPeriod/timeEndPeriod to os-win32

2013-05-16 17:22:34 -05:00

qemu.sasl

Add SASL authentication support ("Daniel P. Berrange")

2009-03-06 20:27:28 +00:00

qmp-commands.hx

qmp: netdev_add is like -netdev, not -net, fix documentation

2013-04-02 10:43:46 -05:00

qmp.c

softmmu: move remaining include files to include/ subdirectories

2012-12-19 08:32:46 +01:00

qtest.c

qtest: Use strtoull() for uint64_t

2013-02-11 13:22:39 -06:00

readline.c

readline: Fix unchecked strdup() by converting to g_strdup()

2013-01-30 11:14:46 +01:00

README

Update README

2011-12-11 17:50:43 -06:00

rules.mak

rules/mak: make clean should blow away timestamp files

2013-01-30 01:31:08 +02:00

savevm.c

savevm: Ignore minimum_version_id_old if there is no load_state_old

2015-02-05 08:18:46 -07:00

spice-qemu-char.c

Merge remote-tracking branch 'bonzini/header-dirs' into staging

2012-12-19 17:15:39 -06:00

tcg-runtime.c

tcg: add div/rem 32-bit helpers

2010-03-14 22:04:50 +01:00

tci.c

exec: move include files to include/exec/

2012-12-19 08:31:31 +01:00

thread-pool.c

misc: move include files to include/qemu/

2012-12-19 08:32:39 +01:00

thunk.c

exec: move include files to include/exec/

2012-12-19 08:31:31 +01:00

TODO

Update

2008-12-04 11:29:42 +00:00

trace-events

scsi: do not call scsi_read_data/scsi_write_data for a canceled request

2013-04-02 10:53:33 -05:00

translate-all.c

translate-all.c: Remove cpu_unlink_tb()

2013-05-14 15:48:38 -05:00

translate-all.h

exec: move TB handling to translate-all.c

2012-12-16 08:28:41 +00:00

user-exec.c

Merge remote-tracking branch 'bonzini/header-dirs' into staging

2012-12-19 17:15:39 -06:00

VERSION

update VERSION for 1.4.2

2013-05-23 17:12:44 -05:00

version.rc

mingw: add version information to the executables

2010-09-26 16:07:57 +00:00

vl.c

Common: Add quick access to first boot device

2013-08-01 14:57:48 +02:00

xbzrle.c

Move XBZRLE encoding code to a separate file to allow testing

2013-02-01 08:32:20 +01:00

xen-all.c

xen: Simplify halting of first CPU

2013-01-15 04:09:14 +01:00

xen-mapcache.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

xen-stub.c

exec: move include files to include/exec/

2012-12-19 08:31:31 +01:00

README

Read the documentation in qemu-doc.html or on http://wiki.qemu.org

- QEMU team

Languages

C 82.6%

C++ 6.5%

Python 3.3%

Dylan 2.9%

Shell 1.6%

Other 2.9%