Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
xen.8005
CVE-2017-6414-qemuu-libcacard-host-memory-leaka...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-6414-qemuu-libcacard-host-memory-leakage-while-creating-new-APDU.patch of Package xen.8005
References: bsc#1027570 CVE-2017-6414 smartcard: fix memory leak in vcard_apdu_new In the error path, 'new_apdu->a_data' is not freed. This can be triggered by the guest continuely. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/libcacard/card_7816.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/libcacard/card_7816.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/libcacard/card_7816.c @@ -342,12 +342,12 @@ vcard_apdu_new(unsigned char *raw_apdu, new_apdu->a_len = len; *status = vcard_apdu_set_class(new_apdu); if (*status != VCARD7816_STATUS_SUCCESS) { - g_free(new_apdu); + vcard_apdu_delete(new_apdu); return NULL; } *status = vcard_apdu_set_length(new_apdu); if (*status != VCARD7816_STATUS_SUCCESS) { - g_free(new_apdu); + vcard_apdu_delete(new_apdu); new_apdu = NULL; } return new_apdu;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor