debian/patches/extra/CVE-2016-9103-9pfs-fix-information-leak-in-xattr-read.patch

   1 From 644566ea6fe2896b6b171797cfe6e7219939d968 Mon Sep 17 00:00:00 2001
   2 From: Li Qiang <liqiang6-s@360.cn>
   3 Date: Mon, 17 Oct 2016 14:13:58 +0200
   4 Subject: [PATCH 4/8] 9pfs: fix information leak in xattr read
   5
   6 9pfs uses g_malloc() to allocate the xattr memory space, if the guest
   7 reads this memory before writing to it, this will leak host heap memory
   8 to the guest. This patch avoid this.
   9
  10 Signed-off-by: Li Qiang <liqiang6-s@360.cn>
  11 Reviewed-by: Greg Kurz <groug@kaod.org>
  12 Signed-off-by: Greg Kurz <groug@kaod.org>
  13 ---
  14  hw/9pfs/9p.c | 2 +-
  15  1 file changed, 1 insertion(+), 1 deletion(-)
  16
  17 diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
  18 index 75ba5f1..3becdd0 100644
  19 --- a/hw/9pfs/9p.c
  20 +++ b/hw/9pfs/9p.c
  21 @@ -3269,7 +3269,7 @@ static void v9fs_xattrcreate(void *opaque)
  22      xattr_fidp->fs.xattr.flags = flags;
  23      v9fs_string_init(&xattr_fidp->fs.xattr.name);
  24      v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
  25 -    xattr_fidp->fs.xattr.value = g_malloc(size);
  26 +    xattr_fidp->fs.xattr.value = g_malloc0(size);
  27      err = offset;
  28      put_fid(pdu, file_fidp);
  29  out_nofid:
  30 --
  31 2.1.4
  32