qemu/0063-i2c-ddc-fix-oob-read.patch

From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 8 Jan 2019 11:23:01 +0100
Subject: i2c-ddc: fix oob read
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Suggested-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190108102301.1957-1-kraxel@redhat.com
(cherry picked from commit b05b267840515730dbf6753495d5b7bd8b04ad1c)
[BR: BSC#1125721 CVE-2019-3812]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/i2c/i2c-ddc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c
index be34fe072c..0a0367ff38 100644
--- a/hw/i2c/i2c-ddc.c
+++ b/hw/i2c/i2c-ddc.c
@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)
     I2CDDCState *s = I2CDDC(i2c);
 
     int value;
-    value = s->edid_blob[s->reg];
+    value = s->edid_blob[s->reg % sizeof(s->edid_blob)];
     s->reg++;
     return value;
 }
Accepting request 688939 from home:bfrogers:branches:Virtualization - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0061-slirp-check-sscanf-result-when-emul.patch 0062-ppc-add-host-serial-and-host-model-.patch 0063-i2c-ddc-fix-oob-read.patch - Remove an unneeded BuildRequires which impacts bsc#1119414 fix Also add a corresponding Recommends for qemu-tools as part of this packaging adjustment (bsc#1130484) - Fix information leak in slirp (CVE-2019-9824 bsc#1129622) 0061-slirp-check-sscanf-result-when-emul.patch - Add method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (CVE-2019-8934 bsc#1126455) 0062-ppc-add-host-serial-and-host-model-.patch - Fix OOB memory access and information leak in virtual monitor interface (CVE-2019-03812 bsc#1125721) 0063-i2c-ddc-fix-oob-read.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Remove an unneeded BuildRequires which impacts bsc#1119414 fix Also add a corresponding Recommends for qemu-tools as part of this packaging adjustment (bsc#1130484) - Fix information leak in slirp (CVE-2019-9824 bsc#1129622) 0061-slirp-check-sscanf-result-when-emul.patch - Add method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (CVE-2019-8934 bsc#1126455) 0062-ppc-add-host-serial-and-host-model-.patch - Fix OOB memory access and information leak in virtual monitor interface (CVE-2019-03812 bsc#1125721) 0063-i2c-ddc-fix-oob-read.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 OBS-URL: https://build.opensuse.org/request/show/688939 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=460 2019-03-27 04:57:07 +01:00			`From: Gerd Hoffmann <kraxel@redhat.com>`
			`Date: Tue, 8 Jan 2019 11:23:01 +0100`
			`Subject: i2c-ddc: fix oob read`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Suggested-by: Michael Hanselmann <public@hansmi.ch>`
			`Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>`
			`Reviewed-by: Michael Hanselmann <public@hansmi.ch>`
			`Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>`
			`Message-id: 20190108102301.1957-1-kraxel@redhat.com`
			`(cherry picked from commit b05b267840515730dbf6753495d5b7bd8b04ad1c)`
			`[BR: BSC#1125721 CVE-2019-3812]`
			`Signed-off-by: Bruce Rogers <brogers@suse.com>`
			`---`
			`hw/i2c/i2c-ddc.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/hw/i2c/i2c-ddc.c b/hw/i2c/i2c-ddc.c`
			`index be34fe072c..0a0367ff38 100644`
			`--- a/hw/i2c/i2c-ddc.c`
			`+++ b/hw/i2c/i2c-ddc.c`
			`@@ -56,7 +56,7 @@ static int i2c_ddc_rx(I2CSlave *i2c)`
			`I2CDDCState *s = I2CDDC(i2c);`

			`int value;`
			`- value = s->edid_blob[s->reg];`
			`+ value = s->edid_blob[s->reg % sizeof(s->edid_blob)];`
			`s->reg++;`
			`return value;`
			`}`