SHA256
1
0
forked from pool/qemu
qemu/0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch
Andreas Färber f036a54ad6 Accepting request 441247 from home:bfrogers:branches:Virtualization
Refine the reproducible build changes to no longer override linux commands, but rather fix via patches only. Also fix all the recent security issues reported.

OBS-URL: https://build.opensuse.org/request/show/441247
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=320
2016-11-21 17:05:46 +00:00

36 lines
1.4 KiB
Diff

From 61eb543d366088cebecaf8fead80d1bd32db7cb2 Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 17 Oct 2016 14:13:58 +0200
Subject: [PATCH] 9pfs: fix memory leak in v9fs_xattrcreate
The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
situation that this field has been allocated previously. Every time, it
will be allocated directly. This leads to a host memory leak issue if
the client sends another Txattrcreate message with the same fid number
before the fid from the previous time got clunked.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, updated the changelog to indicate how the leak can occur]
Signed-off-by: Greg Kurz <groug@kaod.org>
(cherry picked from commit ff55e94d23ae94c8628b0115320157c763eb3e06)
[BR: CVE-2016-9102 BSC#1007450]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/9pfs/9p.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index af32464..aa2b8c0 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3270,6 +3270,7 @@ static void v9fs_xattrcreate(void *opaque)
xattr_fidp->fs.xattr.flags = flags;
v9fs_string_init(&xattr_fidp->fs.xattr.name);
v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
+ g_free(xattr_fidp->fs.xattr.value);
xattr_fidp->fs.xattr.value = g_malloc0(size);
err = offset;
put_fid(pdu, file_fidp);