rpm/qemu
SHA256
1
0
Fork 0
forked from pool/qemu
Code Pull Requests Activity
aa166ca60f
qemu/0050-scsi-megasas-null-terminate-bios-ve.patch
Andreas Färber 8c721a87ae Accepting request 408549 from home:algraf:branches:Virtualization 
- Remove deprecated patch "work-around-SA_RESTART-race" (boo#982208)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches dropped:
  0002-XXX-work-around-SA_RESTART-race-wit.patch
  0003-qemu-0.9.0.cvs-binfmt.patch
  0004-qemu-cvs-alsa_bitfield.patch
  0005-qemu-cvs-alsa_ioctl.patch
  0006-qemu-cvs-alsa_mmap.patch
  0007-qemu-cvs-gettimeofday.patch
  0008-qemu-cvs-ioctl_debug.patch
  0009-qemu-cvs-ioctl_nodirection.patch
  0010-block-vmdk-Support-creation-of-SCSI.patch
  0011-linux-user-add-binfmt-wrapper-for-a.patch
  0012-PPC-KVM-Disable-mmu-notifier-check.patch
  0013-linux-user-fix-segfault-deadlock.patch
  0014-linux-user-binfmt-support-host-bina.patch
  0015-linux-user-Ignore-broken-loop-ioctl.patch
  0016-linux-user-lock-tcg.patch
  0017-linux-user-Run-multi-threaded-code-.patch
  0018-linux-user-lock-tb-flushing-too.patch
  0019-linux-user-Fake-proc-cpuinfo.patch
  0020-linux-user-implement-FS_IOC_GETFLAG.patch
  0021-linux-user-implement-FS_IOC_SETFLAG.patch
  0022-linux-user-XXX-disable-fiemap.patch
  0023-slirp-nooutgoing.patch
  0024-vnc-password-file-and-incoming-conn.patch
  0025-linux-user-add-more-blk-ioctls.patch
  0026-linux-user-use-target_ulong.patch
  0027-block-Add-support-for-DictZip-enabl.patch
  0028-block-Add-tar-container-format.patch

OBS-URL: https://build.opensuse.org/request/show/408549
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=305
2016-07-14 15:50:35 +00:00

33 lines
1.3 KiB
Diff
Raw Blame History

From e7b653272e0242843f39b9b8d65694c29028fdf5 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Tue, 7 Jun 2016 16:44:03 +0530
Subject: [PATCH] scsi: megasas: null terminate bios version buffer
While reading information via 'megasas_ctrl_get_info' routine,
a local bios version buffer isn't null terminated. Add the
terminating null byte to avoid any OOB access.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 844864fbae66935951529408831c2f22367a57b6)
[BR: CVE-2016-5337 BSC#983961]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/scsi/megasas.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 96aee1c..893448b 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -773,6 +773,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
ptr = memory_region_get_ram_ptr(&pci_dev->rom);
memcpy(biosver, ptr + 0x41, 31);
+ biosver[31] = 0;
memcpy(info.image_component[1].name, "BIOS", 4);
memcpy(info.image_component[1].version, biosver,
strlen((const char *)biosver));
View Git Blame Copy Permalink