+++ /dev/null
-From b0363f4c0e91671064dd7ffece8a6923c8dcaf20 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Thu, 17 Dec 2015 17:47:15 +0530
-Subject: [PATCH] hmp: avoid redundant null termination of buffer
-
-When processing 'sendkey' command, hmp_sendkey routine null
-terminates the 'keyname_buf' array. This results in an OOB write
-issue, if 'keyname_len' was to fall outside of 'keyname_buf' array.
-Removed the redundant null termination, as pstrcpy routine already
-null terminates the target buffer.
-
-Reported-by: Ling Liu <liuling-it@360.cn>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
----
- hmp.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/hmp.c b/hmp.c
-index 2140605..e530c9c 100644
---- a/hmp.c
-+++ b/hmp.c
-@@ -1746,9 +1746,7 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
- /* Be compatible with old interface, convert user inputted "<" */
- if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
- pstrcpy(keyname_buf, sizeof(keyname_buf), "less");
-- keyname_len = 4;
- }
-- keyname_buf[keyname_len] = 0;
-
- keylist = g_malloc0(sizeof(*keylist));
- keylist->value = g_malloc0(sizeof(*keylist->value));
---
-2.4.3
-===
CVE-2015-8558-ehci_make_idt_processing_more_robust.patch
vmxnet3-host-memory-leakage.patch
CVE-2015-8613-scsi-initialize-info-object.patch
-CVE-2015-8619-hmp-oob-write.patch
CVE-2015-8666-acpi-fix-buffer-overrun-on-migration.patch
CVE-2015-8701-net-rocker-off-by-one.patch
CVE-2015-8743-ne2000-ioport-bounds-check.patch
projects / pve-qemu-kvm.git / commitdiff