4f6abaa92b
libxl: error: libxl_dm.c block-dmmd - bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch - bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch - bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent cachability flags on guest mappings (XSA-154) xsa154.patch xsa154-fix.patch - bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) xsa170.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=401
28 lines
1.1 KiB
Diff
28 lines
1.1 KiB
Diff
References: bsc#967090 CVE-2016-2392
|
|
|
|
When processing remote NDIS control message packets, the USB Net
|
|
device emulator checks to see if the USB configuration descriptor
|
|
object is of RNDIS type(2). But it does not check if it is null,
|
|
which leads to a null dereference error. Add check to avoid it.
|
|
|
|
Reported-by: Qinghao Tang <address@hidden>
|
|
Signed-off-by: Prasad J Pandit <address@hidden>
|
|
---
|
|
hw/usb/dev-network.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
Index: xen-4.6.1-testing/tools/qemu-xen-dir-remote/hw/usb/dev-network.c
|
|
===================================================================
|
|
--- xen-4.6.1-testing.orig/tools/qemu-xen-dir-remote/hw/usb/dev-network.c
|
|
+++ xen-4.6.1-testing/tools/qemu-xen-dir-remote/hw/usb/dev-network.c
|
|
@@ -650,7 +650,8 @@ typedef struct USBNetState {
|
|
|
|
static int is_rndis(USBNetState *s)
|
|
{
|
|
- return s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE;
|
|
+ return s->dev.config ?
|
|
+ s->dev.config->bConfigurationValue == DEV_RNDIS_CONFIG_VALUE : 0;
|
|
}
|
|
|
|
static int ndis_query(USBNetState *s, uint32_t oid,
|