1. 05 Feb, 2019 2 commits
    • memslot: Fix off-by-one error in group/slot boundary check · a4a16ac4
      Christophe Fergeau authored
      RedMemSlotInfo keeps an array of groups, and each group contains an
      array of slots. Unfortunately, these checks are off by 1: they check
      that the index is greater than or equal to the number of elements in the
      array, while these arrays are 0 based. The check should only check for
      strictly greater than the number of elements.
      
      For the group array, this is not a big issue, as these memslot groups
      are created by spice-server users (e.g. QEMU), and the group ids used to
      index that array are also generated by the spice-server user, so it
      should not be possible for the guest to set them to arbitrary values.
      
      The slot id is more problematic, as it's calculated from a QXLPHYSICAL
      address, and such addresses are usually set by the guest QXL driver, so
      the guest can set these to arbitrary values, including malicious values,
      which are probably easy to build from the guest PCI configuration.
      
      This patch fixes the array bounds check, and adds a test case for this.
      This fixes CVE-2019-3813.
      Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
      Acked-by: Frediano Ziglio <fziglio@redhat.com>
    • build-sys: Raise glib requirement to 2.38 · 03d46e9e
      Christophe Fergeau authored
      meson is already using 2.38, and most distros have a newer version:
          - Fedora 28 has 2.56
          - CentOS 7 has 2.46
          - Debian 9 has 2.50
      
      This also matches what spice-common requires.
      Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
      Acked-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
      Acked-by: Frediano Ziglio <fziglio@redhat.com>
  2. 04 Feb, 2019 1 commit
  3. 01 Feb, 2019 2 commits
  4. 31 Jan, 2019 6 commits
  5. 30 Jan, 2019 4 commits
  6. 29 Jan, 2019 3 commits
  7. 28 Jan, 2019 1 commit
  8. 26 Jan, 2019 2 commits
  9. 23 Jan, 2019 5 commits
  10. 17 Jan, 2019 1 commit
  11. 15 Jan, 2019 1 commit
  12. 08 Jan, 2019 1 commit
  13. 03 Jan, 2019 3 commits
  14. 25 Dec, 2018 4 commits
  15. 23 Dec, 2018 2 commits
  16. 07 Dec, 2018 1 commit
  17. 06 Dec, 2018 1 commit