|
Revision tags: v9.2.1 |
|
| #
e82fbf01 |
| 13-Jan-2025 |
Hongren Zheng <i@zenithal.me> |
hw/usb/canokey: Fix buffer overflow for OUT packet
When USBPacket in OUT direction has larger payload
than the ep_out_buffer (of size 512), a buffer overflow
would occur.
It could be fixed by limit
hw/usb/canokey: Fix buffer overflow for OUT packet
When USBPacket in OUT direction has larger payload
than the ep_out_buffer (of size 512), a buffer overflow
would occur.
It could be fixed by limiting the size of usb_packet_copy
to be at most buffer size. Further optimization gets rid
of the ep_out_buffer and directly uses ep_out as the target
buffer.
This is reported by a security researcher who artificially
constructed an OUT packet of size 2047. The report has gone
through the QEMU security process, and as this device is for
testing purpose and no deployment of it in virtualization
environment is observed, it is triaged not to be a security bug.
Cc: qemu-stable@nongnu.org
Fixes: d7d34918551dc48 ("hw/usb: Add CanoKey Implementation")
Reported-by: Juan Jose Lopez Jaimez <thatjiaozi@gmail.com>
Signed-off-by: Hongren Zheng <i@zenithal.me>
Message-id: Z4TfMOrZz6IQYl_h@Sun
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 664280abddcb3cacc9c6204706bb739fcc1316f7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
show more ...
|
|
Revision tags: v9.2.0, v9.1.2, v9.1.1, v9.1.0 |
|
| #
5fc77092 |
| 26-Jul-2023 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging
Miscellaneous fixes
* Switch canokey license from Apache to GPLv2+
* Fix uninitialized variable in LUKS driver
Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging
Miscellaneous fixes
* Switch canokey license from Apache to GPLv2+
* Fix uninitialized variable in LUKS driver
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmS/91MACgkQvobrtBUQ
# T9+WjA/9Gx02s4aZvLJ1gSpzPguIEjwEulVOBCTaxQ1Fuu/5RawWXmFMhQ/iwAbi
# EnbeDpghG+Qk+4DCfQDMq0F8zkozvZOLW8NTZJW66dpV9PSwji39eIpVgvin2GXA
# bGZBz6ZwXoTozplfY8LTzLIGyZNzGNjSO4ND1zsyXq57LXbWXhAdHvsxwi1h1rOc
# FbNMeSPFlwPtCnpQgBDQmRmQ5UzwZiJOCp3zi9njMM/D6AfU/n275QzLvd/3ydBO
# JW4q1IHyDs13g+SCnI4a2rqI7+Uf+Z7h2DfkwhoaGoGuTpZ6llTgM4asjUOFri66
# RzVWz6UK+uCUogq2wgfYJ5jyNwerU8DtyjSW3kxhLcaTTRUGG/+nQu9PV+aPy1xD
# DZWo74KBtiRDFVS1XTLoDd+tNDqzNRdCmWqlc0CWgjUU68b61+GCDnkr+F0rJ59t
# rL1Q+bgKDVnYVxbTVJQs9V6zdeu6o7x94moK2UCAUbGlaCcpkl/sZXqF586dMQAj
# SvaGRYBxMvZvDVeIaINV/sW+vssoSdi7MKaUHAiHydnph/NFzC501bszh7RMyfAd
# 4/PLsm4ezmSFBZ0BS6+zjMBwWEQYiJbl6DDZZI631qSC4G5yOm9TCW2I7ZPNdpRu
# CveFHf8/dREd5o5iE6Vl5mWZF++dOcil64PnevqEv5/wjQcyHJs=
# =+YRm
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 25 Jul 2023 09:24:51 AM PDT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
* tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu:
hw/usb/canokey: change license to GPLv2+
crypto: Always initialize splitkeylen
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
| #
0e6b20b9 |
| 30-Apr-2023 |
Hongren (Zenithal) Zheng <i@zenithal.me> |
hw/usb/canokey: change license to GPLv2+
Apache license is considered by some to be not compatible
with GPLv2+. Since QEMU as combined work is GPLv2-only,
these two files should be made compatible.
hw/usb/canokey: change license to GPLv2+
Apache license is considered by some to be not compatible
with GPLv2+. Since QEMU as combined work is GPLv2-only,
these two files should be made compatible.
Reported-by: "Daniel P. Berrangé" <berrange@redhat.com>
Link: https://lore.kernel.org/qemu-devel/ZEpKXncC%2Fe6FKRe9@redhat.com/
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-By: canokeys.org (http://canokeys.org) <contact@canokeys.org>
Acked-by: YuanYang Meng <mkfssion@mkfssion.com>
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
|
Revision tags: v8.0.0, v7.2.0 |
|
| #
8e6c70b9 |
| 14-Jun-2022 |
Richard Henderson <richard.henderson@linaro.org> |
Merge tag 'kraxel-20220614-pull-request' of git://git.kraxel.org/qemu into staging
usb: add CanoKey device, fixes for ehci + redir
ui: fixes for gtk and cocoa, rework refresh rate
virtio-gpu: scanou
Merge tag 'kraxel-20220614-pull-request' of git://git.kraxel.org/qemu into staging
usb: add CanoKey device, fixes for ehci + redir
ui: fixes for gtk and cocoa, rework refresh rate
virtio-gpu: scanout flush fix
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmKoe/8ACgkQTLbY7tPo
# cTgZqw/9HD5dMjP74jwrf14dSCR6FD8PfSZU43YBZtMKMtYIzSgrG0NGmreDIhmr
# ZM+G0By+J8vFaSqDukX31077DnptyrxsANOg3zc28SfOCrI7I/mNVymd9hl+Ydpd
# A7h0DpHxs1mkpTVxGoXZoJRGXUE41rctbFVjG3CGynSG9K2vFQRsJz0jG723dg5Y
# uv+Di1WkhqNkyKNsTEGbz9LNqtdtGzvQm3COBpKoTsl4X3EXIE68Qh7i3cMTSNIw
# KKPARW3oiCOy3Fc4kQW9nSxkkHMS6NPL1uyQ52j7pXYxRdxRaREFQ9Gxst3ie9bS
# mbqSuzS2+1v0w37bq9wE0PiCkmwWnu2KWiWWkAIYlmmZTgHvgxCvPcJaeItmap27
# dsAuPUGBbhhrmUwfMgJXp/wRvoZQc2l9w9+eUklsbI+VTbr6i+r/OoLRmnDJr+K/
# yNscMU1LzoigK0NDdP+PnFl3k8pux0Awtotgfyd+UGTSW8a5L6UFAWIxcUcd0Jjv
# 24jAEEc1S1ciDxJDWYn4+17KJARG7no2PRXsGXCUNaWduGEk8wPK+i6Xk82U36o7
# 7j0N16RFNv1YSUaUJHgtmAMRJIQMCiB42VaYxlDfzKupvq2RgRWaWBD/HozgLhXn
# DjEX+JRAnaOYnn1NURzTNDwnhQethJRXI1ntI1U8IFLYT4baSCY=
# =L5PO
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 14 Jun 2022 05:15:59 AM PDT
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [undefined]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [undefined]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* tag 'kraxel-20220614-pull-request' of git://git.kraxel.org/qemu:
virtio-gpu: Respect UI refresh rate for EDID
ui: Deliver refresh rate via QemuUIInfo
ui/console: Do not return a value with ui_info
virtio-gpu: update done only on the scanout associated with rect
usbredir: avoid queuing hello packet on snapshot restore
hw/usb/hcd-ehci: fix writeback order
MAINTAINERS: add myself as CanoKey maintainer
docs/system/devices/usb: Add CanoKey to USB devices examples
docs: Add CanoKey documentation
meson: Add CanoKey
hw/usb/canokey: Add trace events
hw/usb: Add CanoKey Implementation
ui/cocoa: Fix poweroff request code
ui/gtk-gl-area: create the requested GL context version
ui/gtk-gl-area: implement GL context destruction
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
| #
d7d34918 |
| 19-May-2022 |
Hongren (Zenithal) Zheng <i@zenithal.me> |
hw/usb: Add CanoKey Implementation
This commit added a new emulated device called CanoKey to QEMU.
CanoKey implements platform independent features in canokey-core
https://github.com/canokeys/canok
hw/usb: Add CanoKey Implementation
This commit added a new emulated device called CanoKey to QEMU.
CanoKey implements platform independent features in canokey-core
https://github.com/canokeys/canokey-core, and leaves the USB implementation
to the platform.
In this commit the USB part was implemented in QEMU using QEMU's USB APIs,
therefore the emulated CanoKey can communicate with the guest OS using USB.
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Message-Id: <YoY6Mgph6f6Hc/zI@Sun>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
show more ...
|