diff options
author | Matthias Maier <tamiko@gentoo.org> | 2017-04-12 00:01:44 -0500 |
---|---|---|
committer | Matthias Maier <tamiko@gentoo.org> | 2017-04-12 00:03:12 -0500 |
commit | a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7 (patch) | |
tree | 917371eef120686739f5ddb482e7dcee7f72fd38 /app-emulation/qemu | |
parent | app-emulation/qemu: version bump to 2.8.1 (diff) | |
download | gentoo-a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7.tar.gz gentoo-a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7.tar.bz2 gentoo-a583bc5ee0c01d906b5cb29e5aeb428f0a39a1f7.zip |
app-emulation/qemu: apply patch for CVE-2017-7377, bug #614744
Package-Manager: Portage-2.3.5, Repoman-2.3.2
Diffstat (limited to 'app-emulation/qemu')
-rw-r--r-- | app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch | 49 | ||||
-rw-r--r-- | app-emulation/qemu/qemu-2.8.0-r10.ebuild | 1 | ||||
-rw-r--r-- | app-emulation/qemu/qemu-2.8.1.ebuild | 1 |
3 files changed, 51 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch new file mode 100644 index 000000000000..f2d317c3c946 --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.8.0-CVE-2017-7377.patch @@ -0,0 +1,49 @@ +From d63fb193e71644a073b77ff5ac6f1216f2f6cf6e Mon Sep 17 00:00:00 2001 +From: Li Qiang <liq3ea@gmail.com> +Date: Mon, 27 Mar 2017 21:13:19 +0200 +Subject: [PATCH] 9pfs: fix file descriptor leak + +The v9fs_create() and v9fs_lcreate() functions are used to create a file +on the backend and to associate it to a fid. The fid shouldn't be already +in-use, otherwise both functions may silently leak a file descriptor or +allocated memory. The current code doesn't check that. + +This patch ensures that the fid isn't already associated to anything +before using it. + +Signed-off-by: Li Qiang <liqiang6-s@360.cn> +(reworded the changelog, Greg Kurz) +Signed-off-by: Greg Kurz <groug@kaod.org> +--- + hw/9pfs/9p.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index b8c0b99..48babce 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque) + err = -ENOENT; + goto out_nofid; + } ++ if (fidp->fid_type != P9_FID_NONE) { ++ err = -EINVAL; ++ goto out; ++ } + + flags = get_dotl_openflags(pdu->s, flags); + err = v9fs_co_open2(pdu, fidp, &name, gid, +@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque) + err = -EINVAL; + goto out_nofid; + } ++ if (fidp->fid_type != P9_FID_NONE) { ++ err = -EINVAL; ++ goto out; ++ } + if (perm & P9_STAT_MODE_DIR) { + err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777, + fidp->uid, -1, &stbuf); +-- +2.10.2 + diff --git a/app-emulation/qemu/qemu-2.8.0-r10.ebuild b/app-emulation/qemu/qemu-2.8.0-r10.ebuild index 8c8c3bdb8204..4e6a2220fba3 100644 --- a/app-emulation/qemu/qemu-2.8.0-r10.ebuild +++ b/app-emulation/qemu/qemu-2.8.0-r10.ebuild @@ -218,6 +218,7 @@ PATCHES=( "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6058.patch #609638 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-2620.patch #609206 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220 + "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744 "${S}-CVE-2016-9602-patches" ) diff --git a/app-emulation/qemu/qemu-2.8.1.ebuild b/app-emulation/qemu/qemu-2.8.1.ebuild index f4352217474d..60572f21d30a 100644 --- a/app-emulation/qemu/qemu-2.8.1.ebuild +++ b/app-emulation/qemu/qemu-2.8.1.ebuild @@ -208,6 +208,7 @@ PATCHES=( "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5973.patch #609334 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-5987.patch #609398 "${FILESDIR}"/${PN}-2.8.0-CVE-2017-6505.patch #612220 + "${FILESDIR}"/${PN}-2.8.0-CVE-2017-7377.patch #614744 ) STRIP_MASK="/usr/share/qemu/palcode-clipper" |