Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
qemu.3557
0289-9pfs-fix-information-leak-in-xattr-.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0289-9pfs-fix-information-leak-in-xattr-.patch of Package qemu.3557
From 9a98e5f29d26b076045964981daec9da326a7af9 Mon Sep 17 00:00:00 2001 From: Li Qiang <liqiang6-s@360.cn> Date: Mon, 17 Oct 2016 14:13:58 +0200 Subject: [PATCH] 9pfs: fix information leak in xattr read 9pfs uses g_malloc() to allocate the xattr memory space, if the guest reads this memory before writing to it, this will leak host heap memory to the guest. This patch avoid this. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org> (cherry picked from commit eb687602853b4ae656e9236ee4222609f3a6887d) [BR: CVE-2016-9103 BSC#1007454] Signed-off-by: Bruce Rogers <brogers@suse.com> --- hw/9pfs/virtio-9p.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c index 39b841b..5067d7d 100644 --- a/hw/9pfs/virtio-9p.c +++ b/hw/9pfs/virtio-9p.c @@ -3134,7 +3134,7 @@ static void v9fs_xattrcreate(void *opaque) xattr_fidp->fs.xattr.flags = flags; v9fs_string_init(&xattr_fidp->fs.xattr.name); v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); - xattr_fidp->fs.xattr.value = g_malloc(size); + xattr_fidp->fs.xattr.value = g_malloc0(size); err = offset; put_fid(pdu, file_fidp); out_nofid:
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor