[pve-qemu.git] / debian / patches / extra / 0022-9pfs-use-g_malloc0-to-allocate-space-for-xattr.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon, 16 Oct 2017 14:21:59 +0200
Subject: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr

9p back-end first queries the size of an extended attribute,
allocates space for it via g_malloc() and then retrieves its
value into allocated buffer. Race between querying attribute
size and retrieving its could lead to memory bytes disclosure.
Use g_malloc0() to avoid it.

Reported-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
---
 hw/9pfs/9p.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index c80ba67389..aaf9935ef4 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3220,7 +3220,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
         xattr_fidp->fid_type = P9_FID_XATTR;
         xattr_fidp->fs.xattr.xattrwalk_fid = true;
         if (size) {
-            xattr_fidp->fs.xattr.value = g_malloc(size);
+            xattr_fidp->fs.xattr.value = g_malloc0(size);
             err = v9fs_co_llistxattr(pdu, &xattr_fidp->path,
                                      xattr_fidp->fs.xattr.value,
                                      xattr_fidp->fs.xattr.len);
@@ -3253,7 +3253,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
         xattr_fidp->fid_type = P9_FID_XATTR;
         xattr_fidp->fs.xattr.xattrwalk_fid = true;
         if (size) {
-            xattr_fidp->fs.xattr.value = g_malloc(size);
+            xattr_fidp->fs.xattr.value = g_malloc0(size);
             err = v9fs_co_lgetxattr(pdu, &xattr_fidp->path,
                                     &name, xattr_fidp->fs.xattr.value,
                                     xattr_fidp->fs.xattr.len);
-- 
2.11.0
Commit	Line	Data
3dcc8d3b	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
c53dfb57 WB	2	From: Prasad J Pandit <pjp@fedoraproject.org>
c53dfb57 WB	3	Date: Mon, 16 Oct 2017 14:21:59 +0200
3dcc8d3b	4	Subject: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr
c53dfb57 WB	5
	6	9p back-end first queries the size of an extended attribute,
	7	allocates space for it via g_malloc() and then retrieves its
	8	value into allocated buffer. Race between querying attribute
	9	size and retrieving its could lead to memory bytes disclosure.
	10	Use g_malloc0() to avoid it.
	11
	12	Reported-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
	13	Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
	14	Signed-off-by: Greg Kurz <groug@kaod.org>
	15	---
	16	hw/9pfs/9p.c \| 4 ++--
	17	1 file changed, 2 insertions(+), 2 deletions(-)
	18
	19	diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
	20	index c80ba67389..aaf9935ef4 100644
	21	--- a/hw/9pfs/9p.c
	22	+++ b/hw/9pfs/9p.c
	23	@@ -3220,7 +3220,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
	24	xattr_fidp->fid_type = P9_FID_XATTR;
	25	xattr_fidp->fs.xattr.xattrwalk_fid = true;
	26	if (size) {
	27	- xattr_fidp->fs.xattr.value = g_malloc(size);
	28	+ xattr_fidp->fs.xattr.value = g_malloc0(size);
	29	err = v9fs_co_llistxattr(pdu, &xattr_fidp->path,
	30	xattr_fidp->fs.xattr.value,
	31	xattr_fidp->fs.xattr.len);
	32	@@ -3253,7 +3253,7 @@ static void coroutine_fn v9fs_xattrwalk(void *opaque)
	33	xattr_fidp->fid_type = P9_FID_XATTR;
	34	xattr_fidp->fs.xattr.xattrwalk_fid = true;
	35	if (size) {
	36	- xattr_fidp->fs.xattr.value = g_malloc(size);
	37	+ xattr_fidp->fs.xattr.value = g_malloc0(size);
	38	err = v9fs_co_lgetxattr(pdu, &xattr_fidp->path,
	39	&name, xattr_fidp->fs.xattr.value,
	40	xattr_fidp->fs.xattr.len);
	41	--
	42	2.11.0
	43