File CVE-2016-5105-qemuu-scsi-megasas-stack-informat... of Package xen.2959

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-5105-qemuu-scsi-megasas-stack-information-leakage-while-reading-configuration.patch of Package xen.2959

References: bsc#982024 CVE-2016-5105

When reading MegaRAID SAS controller configuration via MegaRAID
Firmware Interface(MFI) commands, routine megasas_dcmd_cfg_read
uses an uninitialised local data buffer. Initialise this buffer
to avoid stack information leakage.

Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/scsi/megasas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Update as per
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04402.html

Index: xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
===================================================================
--- xen-4.5.3-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
+++ xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
@@ -1210,7 +1210,7 @@ static int megasas_dcmd_ld_get_info(Mega
 
 static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
 {
-    uint8_t data[4096];
+    uint8_t data[4096] = { 0 };
     struct mfi_config_data *info;
     int num_pd_disks = 0, array_offset, ld_offset;
     BusChild *kid;

Places

File CVE-2016-5105-qemuu-scsi-megasas-stack-information-leakage-while-reading-configuration.patch of Package xen.2959

Places