Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
xen
CVE-2018-12617-qemuu-guest-agent-integer-overfl...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-12617-qemuu-guest-agent-integer-overflow-causes-segmentation-fault.patch of Package xen
While reading file content via 'guest-file-read' command, 'qmp_guest_file_read' routine allocates buffer of count+1 bytes. It could overflow for large values of 'count'. Add check to avoid it. Reported-by: Fakhri Zulkifli <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- qga/commands-posix.c | 2 +- qga/commands-win32.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/qga/commands-posix.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/qga/commands-posix.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/qga/commands-posix.c @@ -440,7 +440,7 @@ struct GuestFileRead *qmp_guest_file_rea if (!has_count) { count = QGA_READ_COUNT_DEFAULT; - } else if (count < 0) { + } else if (count < 0 || count >= UINT32_MAX) { error_setg(err, "value '%" PRId64 "' is invalid for argument count", count); return NULL;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor