39 lines
1.1 KiB
Diff
39 lines
1.1 KiB
Diff
Fix CVE-2017-10806:
|
|
|
|
https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1468496
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
|
|
https://security-tracker.debian.org/tracker/CVE-2017-10806
|
|
|
|
Patch copied from upstream source repository:
|
|
|
|
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d
|
|
|
|
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
|
|
index b001a27f05..ad5ef783a6 100644
|
|
--- a/hw/usb/redirect.c
|
|
+++ b/hw/usb/redirect.c
|
|
@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
|
|
static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
|
|
const uint8_t *data, int len)
|
|
{
|
|
- int i, j, n;
|
|
-
|
|
if (dev->debug < usbredirparser_debug_data) {
|
|
return;
|
|
}
|
|
-
|
|
- for (i = 0; i < len; i += j) {
|
|
- char buf[128];
|
|
-
|
|
- n = sprintf(buf, "%s", desc);
|
|
- for (j = 0; j < 8 && i + j < len; j++) {
|
|
- n += sprintf(buf + n, " %02X", data[i + j]);
|
|
- }
|
|
- error_report("%s", buf);
|
|
- }
|
|
+ qemu_hexdump((char *)data, stderr, desc, len);
|
|
}
|
|
|
|
/*
|