From bde70caa0624bc2ca2de7a183b00e9c455ddd803 Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Mon, 10 Oct 2016 22:29:43 +0300
Subject: gnu: qemu: Patch CVE-2016-857{6,7,8}. * gnu/packages/qemu.scm (qemu)[source]: Add patches. * gnu/packages/patches/qemu-CVE-2016-8576.patch, gnu/packages/patches/qemu-CVE-2016-8577.patch, gnu/packages/patches/qemu-CVE-2016-8578.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them.
---
gnu/packages/patches/qemu-CVE-2016-8578.patch | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 gnu/packages/patches/qemu-CVE-2016-8578.patch
(limited to 'gnu/packages/patches/qemu-CVE-2016-8578.patch')
diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch
new file mode 100644
index 0000000000..92ba365727
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-8578.patch
@@ -0,0 +1,27 @@
+From: Li Qiang
+
+In 9pfs function v9fs_iov_vunmarshal, it will not allocate space
+for empty string. This will cause several NULL pointer dereference
+issues. this patch fix this issue.
+
+Signed-off-by: Li Qiang
+---
+ fsdev/9p-iov-marshal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
+index 663cad5..1d16f8d 100644
+--- a/fsdev/9p-iov-marshal.c
++++ b/fsdev/9p-iov-marshal.c
+@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
+ str->data = g_malloc(str->size + 1);
+ copied = v9fs_unpack(str->data, out_sg, out_num, offset,
+ str->size);
+- if (copied > 0) {
++ if (copied >= 0) {
+ str->data[str->size] = 0;
+ } else {
+ v9fs_string_free(str);
+--
+1.8.3.1
+
-- cgit v1.2.3
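Review bot: The new patch file records no upstream origin: its embedded header has only `From: Li Qiang` and a sign-off, with no QEMU commit id or mailing-list URL, so a later reviewer cannot check that the one-line change to `v9fs_iov_vunmarshal` matches what upstream merged. A leading comment such as `Fixes CVE-2016-8578; taken from <UPSTREAM_COMMIT_URL>` above the `From:` line would close that gap. On the fix itself, `copied >= 0` also accepts a non-negative count smaller than `str->size`. If `v9fs_unpack` can return a short count (its contract is not visible here), part of the `g_malloc` buffer would stay uninitialised, so it is worth confirming that it returns either the full size or a negative error. The body of `v9fs_iov_vunmarshal` begins and ends outside the embedded hunk.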