guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: gnu: qemu: Fix CVE-2017-11334.


From: Leo Famulari
Subject: 02/02: gnu: qemu: Fix CVE-2017-11334.
Date: Mon, 17 Jul 2017 23:47:40 -0400 (EDT)

lfam pushed a commit to branch master
in repository guix.

commit 4c4485f30491a03040bd3081e1e3d3dc9e9b7716
Author: Leo Famulari <address@hidden>
Date:   Mon Jul 17 22:14:29 2017 -0400

    gnu: qemu: Fix CVE-2017-11334.
    
    * gnu/packages/patches/qemu-CVE-2017-11334.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/virtualization.scm (qemu)[source]: Use it.
---
 gnu/local.mk                                   |  1 +
 gnu/packages/patches/qemu-CVE-2017-11334.patch | 52 ++++++++++++++++++++++++++
 gnu/packages/virtualization.scm                |  3 +-
 3 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index e739529..7d9b2f8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -975,6 +975,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/qemu-CVE-2017-8379.patch                        \
   %D%/packages/patches/qemu-CVE-2017-8380.patch                        \
   %D%/packages/patches/qemu-CVE-2017-9524.patch                        \
+  %D%/packages/patches/qemu-CVE-2017-11334.patch               \
   %D%/packages/patches/qt4-ldflags.patch                       \
   %D%/packages/patches/qtscript-disable-tests.patch            \
   %D%/packages/patches/quagga-reproducible-build.patch          \
diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch 
b/gnu/packages/patches/qemu-CVE-2017-11334.patch
new file mode 100644
index 0000000..cb68c80
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11334.patch
@@ -0,0 +1,52 @@
+Fix CVE-2017-11334:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1471638
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
+
+Patch copied from upstream source repository:
+
+http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
+
+From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <address@hidden>
+Date: Wed, 12 Jul 2017 18:08:40 +0530
+Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <address@hidden>
+Signed-off-by: Prasad J Pandit <address@hidden>
+Message-Id: <address@hidden>
+Signed-off-by: Paolo Bonzini <address@hidden>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index a083ff89ad..ad103ce483 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2929,7 +2929,7 @@ static MemTxResult 
address_space_write_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(ptr, buf, l);
+             invalidate_and_set_dirty(mr, addr1, l);
+         }
+@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace 
*as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(buf, ptr, l);
+         }
+ 
+-- 
+2.13.3
+
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index fd5cea5..d999d16 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -81,7 +81,8 @@
                                       "qemu-CVE-2017-8309.patch"
                                       "qemu-CVE-2017-8379.patch"
                                       "qemu-CVE-2017-8380.patch"
-                                      "qemu-CVE-2017-9524.patch"))
+                                      "qemu-CVE-2017-9524.patch"
+                                      "qemu-CVE-2017-11334.patch"))
              (sha256
               (base32
                "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))



reply via email to

[Prev in Thread] Current Thread [Next in Thread]