File CVE-2016-2198-qemuu-usb-ehci-null-pointer-deref... of Package xen

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch of Package xen (Revision 9875da17792a203c93f49913fa35874a)

Currently displaying revision 9875da17792a203c93f49913fa35874a , Show latest

References: bsc#964415 CVE-2016-2198

USB Ehci emulation supports host controller capability registers.
But its mmio '.write' function was missing, which lead to a null
pointer dereference issue. Add a do nothing 'ehci_caps_write'
definition to avoid it; Do nothing because capability registers
are Read Only(RO).

Reported-by: Zuozhi Fzz <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/usb/hcd-ehci.c | 6 ++++++
 1 file changed, 6 insertions(+)

Index: xen-4.6.0-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c
===================================================================
--- xen-4.6.0-testing.orig/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c
+++ xen-4.6.0-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c
@@ -899,6 +899,11 @@ static uint64_t ehci_caps_read(void *ptr
     return s->caps[addr];
 }
 
+static void ehci_caps_write(void *ptr, hwaddr addr,
+                             uint64_t val, unsigned size)
+{
+}
+
 static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
                                 unsigned size)
 {
@@ -2317,6 +2322,7 @@ static void ehci_frame_timer(void *opaqu
 
 static const MemoryRegionOps ehci_mmio_caps_ops = {
     .read = ehci_caps_read,
+    .write = ehci_caps_write,
     .valid.min_access_size = 1,
     .valid.max_access_size = 4,
     .impl.min_access_size = 1,

Places

File CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch of Package xen (Revision 9875da17792a203c93f49913fa35874a)

Places