refer to the new repository

[pve-qemu-kvm.git] / debian / patches / old / CVE-2015-8619-hmp-sendkey-oob-fix.patch

diff --git a/debian/patches/old/CVE-2015-8619-hmp-sendkey-oob-fix.patch b/debian/patches/old/CVE-2015-8619-hmp-sendkey-oob-fix.patch
deleted file mode 100644 (file)
index 78aea0c..0000000
--- a/debian/patches/old/CVE-2015-8619-hmp-sendkey-oob-fix.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 8da4a3bf8fb076314f986a0d58cb94f5458e3659 Mon Sep 17 00:00:00 2001
-From: Wolfgang Bumiller <w.bumiller@proxmox.com>
-Date: Mon, 11 Jan 2016 08:21:25 +0100
-Subject: [PATCH] hmp: fix sendkey out of bounds write (CVE-2015-8619)
-
-When processing 'sendkey' command, hmp_sendkey routine null
-terminates the 'keyname_buf' array. This results in an OOB
-write issue, if 'keyname_len' was to fall outside of
-'keyname_buf' array.
-
-Now checking the length against the buffer size before using
-it.
-
-Reported-by: Ling Liu <liuling-it@360.cn>
-Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
----
- hmp.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/hmp.c b/hmp.c
-index c2b2c16..0c7a04c 100644
---- a/hmp.c
-+++ b/hmp.c
-@@ -1749,6 +1749,8 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
-     while (1) {
-         separator = strchr(keys, '-');
-         keyname_len = separator ? separator - keys : strlen(keys);
-+        if (keyname_len >= sizeof(keyname_buf))
-+            goto err_out;
-         pstrcpy(keyname_buf, sizeof(keyname_buf), keys);
- 
-         /* Be compatible with old interface, convert user inputted "<" */
-@@ -1800,7 +1802,7 @@ out:
-     return;
- 
- err_out:
--    monitor_printf(mon, "invalid parameter: %s\n", keyname_buf);
-+    monitor_printf(mon, "invalid parameter: %s\n", keys);
-     goto out;
- }
- 
--- 
-2.1.4
-