projects / pve-qemu.git / blame
| Commit | Line | Data |
|---|---|---|
| e74c0f31 | 1 | From 74f9fd9420fadd64a42ee8de780dc6de61864ea8 Mon Sep 17 00:00:00 2001 |
| 90a6d957 WB |
2 | From: Gerd Hoffmann <kraxel@redhat.com> |
| 3 | Date: Fri, 28 Apr 2017 09:56:12 +0200 | |
| e74c0f31 | 4 | Subject: [PATCH 12/23] audio: release capture buffers |
| 90a6d957 WB |
5 | |
| 6 | AUD_add_capture() allocates two buffers which are never released. | |
| 7 | Add the missing calls to AUD_del_capture(). | |
| 8 | ||
| 9 | Impact: Allows vnc clients to exhaust host memory by repeatedly | |
| 10 | starting and stopping audio capture. | |
| 11 | ||
| 12 | Fixes: CVE-2017-8309 | |
| 13 | Cc: P J P <ppandit@redhat.com> | |
| 14 | Cc: Huawei PSIRT <PSIRT@huawei.com> | |
| 15 | Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com> | |
| 16 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | |
| 17 | Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> | |
| 18 | Message-id: 20170428075612.9997-1-kraxel@redhat.com | |
| 19 | --- | |
| 20 | audio/audio.c | 2 ++ | |
| 21 | 1 file changed, 2 insertions(+) | |
| 22 | ||
| 23 | diff --git a/audio/audio.c b/audio/audio.c | |
| 24 | index c8898d8422..beafed209b 100644 | |
| 25 | --- a/audio/audio.c | |
| 26 | +++ b/audio/audio.c | |
| 27 | @@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) | |
| 28 | sw = sw1; | |
| 29 | } | |
| 30 | QLIST_REMOVE (cap, entries); | |
| 31 | + g_free (cap->hw.mix_buf); | |
| 32 | + g_free (cap->buf); | |
| 33 | g_free (cap); | |
| 34 | } | |
| 35 | return; | |
| 36 | -- | |
| 37 | 2.11.0 | |
| 38 |