Blame SOURCES/kvm-slirp-check-sscanf-result-when-emulating-ident.patch

From cbf833ce3cbbd9162c22573278497e5b8bd1ccb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Tue, 2 Apr 2019 14:03:50 +0200
Subject: [PATCH 131/163] slirp: check sscanf result when emulating ident
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: <20190402140350.5604-1-marcandre.lureau@redhat.com>
Patchwork-id: 85306
O-Subject: [RHEL-7.7 qemu-kvm-rhev PATCH] slirp: check sscanf result when emulating ident
Bugzilla: 1689793
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

From: William Bowling <will@wbowling.info>

When emulating ident in tcp_emu, if the strchr checks passed but the
sscanf check failed, two uninitialized variables would be copied and
sent in the reply, so move this code inside the if(sscanf()) clause.

Signed-off-by: William Bowling <will@wbowling.info>
Cc: qemu-stable@nongnu.org
Cc: secalert@redhat.com
Message-Id: <1551476756-25749-1-git-send-email-will@wbowling.info>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

(cherry picked from commit d3222975c7d6cda9e25809dea05241188457b113)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 slirp/tcp_subr.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index da0d537..98ceb4f 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -660,12 +660,12 @@ tcp_emu(struct socket *so, struct mbuf *m)
 							break;
 						}
 					}
+					so_rcv->sb_cc = snprintf(so_rcv->sb_data,
+								 so_rcv->sb_datalen,
+								 "%d,%d\r\n", n1, n2);
+					so_rcv->sb_rptr = so_rcv->sb_data;
+					so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc;
 				}
-                                so_rcv->sb_cc = snprintf(so_rcv->sb_data,
-                                                         so_rcv->sb_datalen,
-                                                         "%d,%d\r\n", n1, n2);
-				so_rcv->sb_rptr = so_rcv->sb_data;
-				so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc;
 			}
 			m_free(m);
 			return 0;
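Review bot: in the relocated snprintf() lines, so_rcv->sb_cc is still taken straight from snprintf()'s return value, which is the length the formatted string would have needed rather than the number of bytes stored. If the output were ever truncated, or snprintf() returned a negative error, so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc would point outside sb_data. With 32-bit ints "%d,%d\r\n" needs at most 25 bytes plus the terminator, so this only matters if so_rcv->sb_datalen can be smaller than that; since these lines are being touched anyway, consider clamping sb_cc to sb_datalen - 1 (and treating a negative return as zero) before computing sb_wptr, or asserting the minimum buffer size. A short comment here would also help: when the parse fails no reply is queued at all, yet the path still reaches m_free(m); return 0;, and that silent drop is the intended behaviour after this change.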
-- 
1.8.3.1