git.proxmox.com Git - pve-qemu.git/blob - debian/patches/extra/CVE-2016-9845-virtio-gpu-fix-information-leak-in-getting-capset-in.patch
import stable-4 build files
1 From 71ee39ea06cbcbd1971213aa1f3a9036c50b6a57 Mon Sep 17 00:00:00 2001
2 From: Li Qiang <liqiang6-s@360.cn>
3 Date: Tue, 1 Nov 2016 02:53:11 -0700
4 Subject: [PATCH 02/12] virtio-gpu: fix information leak in getting capset info
5 dispatch
6 MIME-Version: 1.0
7 Content-Type: text/plain; charset=UTF-8
8 Content-Transfer-Encoding: 8bit
9
10 In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't
11 been fully initialized before writing to the guest. This will leak
12 the 'resp.padding' and 'resp.hdr.padding' fields to the guest. This
13 patch fixes this issue.
14
15 Signed-off-by: Li Qiang <liqiang6-s@360.cn>
16 Message-id: 5818661e.0860240a.77264.7a56@mx.google.com
17 Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
18 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
19 ---
20 hw/display/virtio-gpu-3d.c | 1 +
21 1 file changed, 1 insertion(+)
22
23 diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
24 index 758d33a..23f39de 100644
25 --- a/hw/display/virtio-gpu-3d.c
26 +++ b/hw/display/virtio-gpu-3d.c
27 @@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,
28
29 VIRTIO_GPU_FILL_CMD(info);
30
31 + memset(&resp, 0, sizeof(resp));
32 if (info.capset_index == 0) {
33 resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
34 virgl_renderer_get_cap_set(resp.capset_id,
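
Review bot: The added memset(&resp, 0, sizeof(resp)) after VIRTIO_GPU_FILL_CMD(info) carries no comment saying why the whole struct has to be cleared, so a later cleanup could replace it with per-field assignments and bring back the leak of 'resp.padding' and 'resp.hdr.padding' that the commit message describes. Add a one-line comment above it stating that resp is written back to the guest and must be fully initialized, padding included. Keeping the memset over sizeof(resp), rather than assigning the named fields one by one, is the right shape, because it stays correct if the struct gains members or padding later.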
35 --
36 2.1.4
37