|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [qemu-xen master] virtio-gpu: fix information leak in getting capset info dispatch
commit 42a8dadc74f8982fc269e54e3c5627b54d9f83d8
Author: Li Qiang <liqiang6-s@xxxxxx>
AuthorDate: Tue Nov 1 02:53:11 2016 -0700
Commit: Gerd Hoffmann <kraxel@xxxxxxxxxx>
CommitDate: Mon Dec 5 09:37:52 2016 +0100
virtio-gpu: fix information leak in getting capset info dispatch
In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't
been full initialized before writing to the guest. This will leak
the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This
patch fix this issue.
Signed-off-by: Li Qiang <liqiang6-s@xxxxxx>
Message-id: 5818661e.0860240a.77264.7a56@xxxxxxxxxxxxx
Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
---
hw/display/virtio-gpu-3d.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index 758d33a..23f39de 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,
VIRTIO_GPU_FILL_CMD(info);
+ memset(&resp, 0, sizeof(resp));
if (info.capset_index == 0) {
resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
virgl_renderer_get_cap_set(resp.capset_id,
--
generated by git-patchbot for /home/xen/git/qemu-xen.git#master
_______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |