git.proxmox.com Git - pve-qemu-kvm.git/blob - debian/patches/extra/CVE-2016-8669-char-serial-check-divider-value-against-baud-base.patch
bump version to 2.7.1-501
1 From 7e0ebfd13e55a706396197437f375692bbf75d15 Mon Sep 17 00:00:00 2001
2 From: Prasad J Pandit <pjp@fedoraproject.org>
3 Date: Wed, 12 Oct 2016 11:28:08 +0530
4 Subject: [PATCH 2/2] char: serial: check divider value against baud base
5
6 16550A UART device uses an oscillator to generate frequencies
7 (baud base), which decide communication speed. This speed could
8 be changed by dividing it by a divider. If the divider is
9 greater than the baud base, speed is set to zero, leading to a
10 divide by zero error. Add check to avoid it.
11
12 Reported-by: Huawei PSIRT <psirt@huawei.com>
13 Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
14 ---
15 hw/char/serial.c | 3 ++-
16 1 file changed, 2 insertions(+), 1 deletion(-)
17
18 diff --git a/hw/char/serial.c b/hw/char/serial.c
19 index 3442f47..eec72b7 100644
20 --- a/hw/char/serial.c
21 +++ b/hw/char/serial.c
22 @@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
23 int speed, parity, data_bits, stop_bits, frame_size;
24 QEMUSerialSetParams ssp;
25
26 - if (s->divider == 0)
27 + if (s->divider == 0 || s->divider > s->baudbase) {
28 return;
29 + }
30
31 /* Start bit. */
32 frame_size = 1;
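Review bot: the added condition `s->divider > s->baudbase` in serial_update_parameters() carries no comment explaining why it is rejected. The commit message gives the reason (baud base divided by a larger divider yields a speed of zero, which then causes a divide by zero), and that reasoning belongs next to the check, for example `/* baudbase / divider would be 0, and speed is used as a divisor */`. The early `return;` is also silent: when the check fires the function exits before any parameters are recomputed, so whatever settings were applied earlier stay in effect with no trace or log. If that is the intended behaviour, say so in the comment; otherwise consider a trace point here. Finally, the guard compares the two fields directly rather than testing the computed speed, so it relies on `divider` and `baudbase` comparing as expected for their declared types. Those declarations are outside this hunk and are worth confirming before merging.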
33 --
34 2.1.4
35