diff options
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch')
-rw-r--r-- | app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch new file mode 100644 index 000000000000..7520863a7dd8 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-9103.patch @@ -0,0 +1,27 @@ +Author: Li Qiang <liqiang6-s@360.cn> +Date: Mon Oct 17 14:13:58 2016 +0200 + + 9pfs: fix information leak in xattr read + + 9pfs uses g_malloc() to allocate the xattr memory space, if the guest + reads this memory before writing to it, this will leak host heap memory + to the guest. This patch avoid this. + + Signed-off-by: Li Qiang <liqiang6-s@360.cn> + Reviewed-by: Greg Kurz <groug@kaod.org> + Signed-off-by: Greg Kurz <groug@kaod.org> + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 26aa7d5..bf23b01 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque) + xattr_fidp->fs.xattr.flags = flags; + v9fs_string_init(&xattr_fidp->fs.xattr.name); + v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); + g_free(xattr_fidp->fs.xattr.value); +- xattr_fidp->fs.xattr.value = g_malloc(size); ++ xattr_fidp->fs.xattr.value = g_malloc0(size); + err = offset; + put_fid(pdu, file_fidp); + out_nofid: |