[pve-qemu-kvm.git] / debian / patches / extra / CVE-2016-9102-9pfs-fix-memory-leak-in-v9fs_xattrcreate.patch

From f132108afabf074403afadf822ad2d2275d115cd Mon Sep 17 00:00:00 2001
From: Li Qiang <liqiang6-s@360.cn>
Date: Mon, 17 Oct 2016 14:13:58 +0200
Subject: [PATCH 5/8] 9pfs: fix memory leak in v9fs_xattrcreate

The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
situation that this field has been allocated previously. Every time, it
will be allocated directly. This leads to a host memory leak issue if
the client sends another Txattrcreate message with the same fid number
before the fid from the previous time got clunked.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Greg Kurz <groug@kaod.org>
[groug, updated the changelog to indicate how the leak can occur]
Signed-off-by: Greg Kurz <groug@kaod.org>
---
 hw/9pfs/9p.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 3becdd0..f5af4e3 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
     xattr_fidp->fs.xattr.flags = flags;
     v9fs_string_init(&xattr_fidp->fs.xattr.name);
     v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
+    g_free(xattr_fidp->fs.xattr.value);
     xattr_fidp->fs.xattr.value = g_malloc0(size);
     err = offset;
     put_fid(pdu, file_fidp);
-- 
2.1.4
Commit	Line	Data
d37b5565 WB	1	From f132108afabf074403afadf822ad2d2275d115cd Mon Sep 17 00:00:00 2001
	2	From: Li Qiang <liqiang6-s@360.cn>
	3	Date: Mon, 17 Oct 2016 14:13:58 +0200
	4	Subject: [PATCH 5/8] 9pfs: fix memory leak in v9fs_xattrcreate
	5
	6	The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
	7	situation that this field has been allocated previously. Every time, it
	8	will be allocated directly. This leads to a host memory leak issue if
	9	the client sends another Txattrcreate message with the same fid number
	10	before the fid from the previous time got clunked.
	11
	12	Signed-off-by: Li Qiang <liqiang6-s@360.cn>
	13	Reviewed-by: Greg Kurz <groug@kaod.org>
	14	[groug, updated the changelog to indicate how the leak can occur]
	15	Signed-off-by: Greg Kurz <groug@kaod.org>
	16	---
	17	hw/9pfs/9p.c \| 1 +
	18	1 file changed, 1 insertion(+)
	19
	20	diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
	21	index 3becdd0..f5af4e3 100644
	22	--- a/hw/9pfs/9p.c
	23	+++ b/hw/9pfs/9p.c
	24	@@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
	25	xattr_fidp->fs.xattr.flags = flags;
	26	v9fs_string_init(&xattr_fidp->fs.xattr.name);
	27	v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
	28	+ g_free(xattr_fidp->fs.xattr.value);
	29	xattr_fidp->fs.xattr.value = g_malloc0(size);
	30	err = offset;
	31	put_fid(pdu, file_fidp);
	32	--
	33	2.1.4
	34