[Qemu-devel] [PULL 18/18] nbd/client: fix drop

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 18/18] nbd/client: fix drop_sync [CVE-2017-2630]

From:	Paolo Bonzini
Subject:	[Qemu-devel] [PULL 18/18] nbd/client: fix drop_sync [CVE-2017-2630]
Date:	Tue, 14 Mar 2017 17:18:20 +0100

From: Vladimir Sementsov-Ogievskiy <address@hidden>

Comparison symbol is misused. It may lead to memory corruption.
Introduced in commit 7d3123e.

Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Message-Id: <address@hidden>
[eblake: add CVE details, update conditional]
Signed-off-by: Eric Blake <address@hidden>
Reviewed-by: Marc-AndrÃ© Lureau <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
 nbd/client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nbd/client.c b/nbd/client.c
index 5c9dee3..3dc2564 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
     char small[1024];
     char *buffer;
 
-    buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
+    buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size));
     while (size > 0) {
         ssize_t count = read_sync(ioc, buffer, MIN(65536, size));
 
-- 
1.8.3.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PULL 03/18] mem-prealloc: reduce large guest start-up and migration time., (continued)
- [Qemu-devel] [PULL 03/18] mem-prealloc: reduce large guest start-up and migration time., Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 06/18] kvmclock: Don't crash QEMU if KVM is disabled, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 01/18] memory_region: Fix name comments, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 08/18] configure: add the missing help output for optional features, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 07/18] scripts/dump-guest-memory.py: fix int128_get64 on recent gcc, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 09/18] util: Removed unneeded header from path.c, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 12/18] qemu-timer: fix off-by-one, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 13/18] qemu-timer: do not include sysemu/cpus.h from util/qemu-timer.h, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 14/18] cpus: define QEMUTimerListNotifyCB for QEMU system emulation, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 16/18] icount: process QEMU_CLOCK_VIRTUAL timers in vCPU thread, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 18/18] nbd/client: fix drop_sync [CVE-2017-2630], Paolo Bonzini <=
  - Re: [Qemu-devel] [PULL 18/18] nbd/client: fix drop_sync [CVE-2017-2630], Eric Blake, 2017/03/14
- [Qemu-devel] [PULL 11/18] target/nios2: take BQL around interrupt check, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 10/18] scsi: mptsas: fix the wrong reading size in fetch request, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 17/18] memory: info mtree check mr range overflow, Paolo Bonzini, 2017/03/14
- [Qemu-devel] [PULL 15/18] main-loop: remove now unnecessary optimization, Paolo Bonzini, 2017/03/14
- Re: [Qemu-devel] [PULL 00/18] Misc patches for QEMU 2.9 hard freeze, Peter Maydell, 2017/03/14

Prev by Date: [Qemu-devel] [PULL 16/18] icount: process QEMU_CLOCK_VIRTUAL timers in vCPU thread
Next by Date: [Qemu-devel] [PULL 11/18] target/nios2: take BQL around interrupt check
Previous by thread: [Qemu-devel] [PULL 16/18] icount: process QEMU_CLOCK_VIRTUAL timers in vCPU thread
Next by thread: Re: [Qemu-devel] [PULL 18/18] nbd/client: fix drop_sync [CVE-2017-2630]
Index(es):
- Date
- Thread