gnu: qemu: Fix CVE-2017-11334.
* gnu/packages/patches/qemu-CVE-2017-11334.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/virtualization.scm (qemu)[source]: Use it.
This commit is contained in:
parent
144c8db9bd
commit
4c4485f304
|
@ -975,6 +975,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/qemu-CVE-2017-8379.patch \
|
||||
%D%/packages/patches/qemu-CVE-2017-8380.patch \
|
||||
%D%/packages/patches/qemu-CVE-2017-9524.patch \
|
||||
%D%/packages/patches/qemu-CVE-2017-11334.patch \
|
||||
%D%/packages/patches/qt4-ldflags.patch \
|
||||
%D%/packages/patches/qtscript-disable-tests.patch \
|
||||
%D%/packages/patches/quagga-reproducible-build.patch \
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
Fix CVE-2017-11334:
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1471638
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
|
||||
|
||||
From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001
|
||||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Wed, 12 Jul 2017 18:08:40 +0530
|
||||
Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
|
||||
|
||||
When accessing guest's ram block during DMA operation, use
|
||||
'qemu_ram_ptr_length' to get ram block pointer. It ensures
|
||||
that DMA operation of given length is possible; And avoids
|
||||
any OOB memory access situations.
|
||||
|
||||
Reported-by: Alex <broscutamaker@gmail.com>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
exec.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/exec.c b/exec.c
|
||||
index a083ff89ad..ad103ce483 100644
|
||||
--- a/exec.c
|
||||
+++ b/exec.c
|
||||
@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
|
||||
}
|
||||
} else {
|
||||
/* RAM case */
|
||||
- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
|
||||
+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
|
||||
memcpy(ptr, buf, l);
|
||||
invalidate_and_set_dirty(mr, addr1, l);
|
||||
}
|
||||
@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
|
||||
}
|
||||
} else {
|
||||
/* RAM case */
|
||||
- ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
|
||||
+ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
|
||||
memcpy(buf, ptr, l);
|
||||
}
|
||||
|
||||
--
|
||||
2.13.3
|
||||
|
|
@ -81,7 +81,8 @@
|
|||
"qemu-CVE-2017-8309.patch"
|
||||
"qemu-CVE-2017-8379.patch"
|
||||
"qemu-CVE-2017-8380.patch"
|
||||
"qemu-CVE-2017-9524.patch"))
|
||||
"qemu-CVE-2017-9524.patch"
|
||||
"qemu-CVE-2017-11334.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))
|
||||
|
|
Loading…
Reference in New Issue