File 0430-usb-redir-fix-stack-overflow-in-usb.patch of Package qemu-linux-user.7445

Overview Repositories Revisions Requests Users Attributes Meta

File 0430-usb-redir-fix-stack-overflow-in-usb.patch of Package qemu-linux-user.7445

From 169d2f3536f9c8905708f155c74c44f8f6039aa6 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 9 May 2017 13:01:28 +0200
Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Don't reinvent a broken wheel, just use the hexdump function we have.

Impact: low, broken code doesn't run unless you have debug logging
enabled.

Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170509110128.27261-1-kraxel@redhat.com
(cherry picked from commit bd4a683505b27adc1ac809f71e918e58573d851d)
[BR: BSC#1047674 CVE-2017-10806]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/usb/redirect.c | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index d832cf6d92..77c07dccb4 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -216,21 +216,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
 static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
     const uint8_t *data, int len)
 {
-    int i, j, n;
-
     if (dev->debug < usbredirparser_debug_data) {
         return;
     }
-
-    for (i = 0; i < len; i += j) {
-        char buf[128];
-
-        n = sprintf(buf, "%s", desc);
-        for (j = 0; j < 8 && i + j < len; j++) {
-            n += sprintf(buf + n, " %02X", data[i + j]);
-        }
-        error_report("%s", buf);
-    }
+    qemu_hexdump((char *)data, stderr, desc, len);
 }
 
 /*

Places

File 0430-usb-redir-fix-stack-overflow-in-usb.patch of Package qemu-linux-user.7445

Places