summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Maier <tamiko@gentoo.org>2017-04-12 00:01:44 -0500
committerMatthias Maier <tamiko@gentoo.org>2017-04-12 00:03:12 -0500
commita583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7 (patch)
tree917371eef120686739f5ddb482e7dcee7f72fd38 /app-emulation/qemu
parentapp-emulation/qemu: version bump to 2.8.1 (diff)
downloadgentoo-a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7.tar.gz
gentoo-a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7.tar.bz2
gentoo-a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7.zip
app-emulation/qemu: apply patch for CVE-2017-7377, bug #614744
Package-Manager: Portage-2.3.5, Repoman-2.3.2
Diffstat (limited to 'app-emulation/qemu')
-rw-r--r--app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch49
-rw-r--r--app-emulation/qemu/qemu-2.8.0-r10.ebuild1
-rw-r--r--app-emulation/qemu/qemu-2.8.1.ebuild1
3 files changed, 51 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
new file mode 100644
index 000000000000..f2d317c3c946
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch
@@ -0,0 +1,49 @@
+From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Mon, 27 Mar 2017 21:13:19 +0200
+Subject: [PATCH] 9pfs: fix file descriptor leak
+
+The v9fs_create() and v9fs_lcreate() functions are used to create a file
+on the backend and to associate it to a fid. The fid shouldn't be already
+in-use, otherwise both functions may silently leak a file descriptor or
+allocated memory. The current code doesn't check that.
+
+This patch ensures that the fid isn't already associated to anything
+before using it.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+(reworded the changelog, Greg Kurz)
+Signed-off-by: Greg Kurz <groug@kaod.org>
+---
+ hw/9pfs/9p.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
+index b8c0b99..48babce 100644
+--- a/hw/9pfs/9p.c
++++ b/hw/9pfs/9p.c
+@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
+ err = -ENOENT;
+ goto out_nofid;
+ }
++ if (fidp->fid_type != P9_FID_NONE) {
++ err = -EINVAL;
++ goto out;
++ }
+
+ flags = get_dotl_openflags(pdu->s, flags);
+ err = v9fs_co_open2(pdu, fidp, &name, gid,
+@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
+ err = -EINVAL;
+ goto out_nofid;
+ }
++ if (fidp->fid_type != P9_FID_NONE) {
++ err = -EINVAL;
++ goto out;
++ }
+ if (perm & P9_STAT_MODE_DIR) {
+ err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
+ fidp->uid, -1, &stbuf);
+--
+2.10.2
+
diff --git a/app-emulation/qemu/qemu-2.8.0-r10.ebuild b/app-emulation/qemu/qemu-2.8.0-r10.ebuild
index 8c8c3bdb8204..4e6a2220fba3 100644
--- a/app-emulation/qemu/qemu-2.8.0-r10.ebuild
+++ b/app-emulation/qemu/qemu-2.8.0-r10.ebuild
@@ -218,6 +218,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch #609638
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch #609206
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
+ "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744
"${S}-CVE-2016-9602-patches"
)
diff --git a/app-emulation/qemu/qemu-2.8.1.ebuild b/app-emulation/qemu/qemu-2.8.1.ebuild
index f4352217474d..60572f21d30a 100644
--- a/app-emulation/qemu/qemu-2.8.1.ebuild
+++ b/app-emulation/qemu/qemu-2.8.1.ebuild
@@ -208,6 +208,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch #609334
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch #609398
"${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220
+ "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744
)
STRIP_MASK="/usr/share/qemu/palcode-clipper"