Reference: bsc#961358 CVE-2015-8613

From: Prasad J Pandit <address@hidden>
Date: Mon, 21 Dec 2015 14:48:18 +0530
Subject: [PATCH] scsi: initialise info object with appropriate size

While processing controller 'CTRL_GET_INFO' command, the routine
'megasas_ctrl_get_info' overflows the '&info' object size. Use its
appropriate size to null initialise it.

Reported-by: Qinghao Tang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/scsi/megasas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: xen-4.6.0-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
===================================================================
--- xen-4.6.0-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
+++ xen-4.6.0-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
@@ -721,7 +721,7 @@ static int megasas_ctrl_get_info(Megasas
     BusChild *kid;
     int num_pd_disks = 0;
 
-    memset(&info, 0x0, cmd->iov_size);
+    memset(&info, 0x0, dcmd_size);
     if (cmd->iov_size < dcmd_size) {
         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
                                             dcmd_size);