debian/patches/extra/CVE-2016-9102-9pfs-fix-memory-leak-in-v9fs_xattrcreate.patch

   1 From f132108afabf074403afadf822ad2d2275d115cd Mon Sep 17 00:00:00 2001
   2 From: Li Qiang <liqiang6-s@360.cn>
   3 Date: Mon, 17 Oct 2016 14:13:58 +0200
   4 Subject: [PATCH 5/8] 9pfs: fix memory leak in v9fs_xattrcreate
   5
   6 The 'fs.xattr.value' field in V9fsFidState object doesn't consider the
   7 situation that this field has been allocated previously. Every time, it
   8 will be allocated directly. This leads to a host memory leak issue if
   9 the client sends another Txattrcreate message with the same fid number
  10 before the fid from the previous time got clunked.
  11
  12 Signed-off-by: Li Qiang <liqiang6-s@360.cn>
  13 Reviewed-by: Greg Kurz <groug@kaod.org>
  14 [groug, updated the changelog to indicate how the leak can occur]
  15 Signed-off-by: Greg Kurz <groug@kaod.org>
  16 ---
  17  hw/9pfs/9p.c | 1 +
  18  1 file changed, 1 insertion(+)
  19
  20 diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
  21 index 3becdd0..f5af4e3 100644
  22 --- a/hw/9pfs/9p.c
  23 +++ b/hw/9pfs/9p.c
  24 @@ -3269,6 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
  25      xattr_fidp->fs.xattr.flags = flags;
  26      v9fs_string_init(&xattr_fidp->fs.xattr.name);
  27      v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
  28 +    g_free(xattr_fidp->fs.xattr.value);
  29      xattr_fidp->fs.xattr.value = g_malloc0(size);
  30      err = offset;
  31      put_fid(pdu, file_fidp);
  32 --
  33 2.1.4
  34