qemu-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] ab630a: pvrdma: Fix compilation error


From: Michael Roth
Subject: [Qemu-commits] [qemu/qemu] ab630a: pvrdma: Fix compilation error
Date: Tue, 01 Oct 2019 16:55:52 -0700

  Branch: refs/heads/stable-3.1
  Home:   https://github.com/qemu/qemu
  Commit: ab630a065a3344c84ec1b280696800fd62afda03
      
https://github.com/qemu/qemu/commit/ab630a065a3344c84ec1b280696800fd62afda03
  Author: Cole Robinson <address@hidden>
  Date:   2019-09-19 (Thu, 19 Sep 2019)

  Changed paths:
    M hw/rdma/vmw/pvrdma_cmd.c

  Log Message:
  -----------
  pvrdma: Fix compilation error

  In function ‘create_qp’:
  hw/rdma/vmw/pvrdma_cmd.c:517:16: error: ‘rc’ undeclared

The backport of 509f57c98 in 41dd30ff6 mishandled the conflict

Signed-off-by: Cole Robinson <address@hidden>
Signed-off-by: Michael Roth <address@hidden>


  Commit: 28c1dde9aa2a22724f81134035959d1a33a57690
      
https://github.com/qemu/qemu/commit/28c1dde9aa2a22724f81134035959d1a33a57690
  Author: Michael Roth <address@hidden>
  Date:   2019-10-01 (Tue, 01 Oct 2019)

  Changed paths:
    M slirp/ip_input.c

  Log Message:
  -----------
  slirp: Fix heap overflow in ip_reass on big packet input

When the first fragment does not fit in the preallocated buffer, q will
already be pointing to the ext buffer, so we mustn't try to update it.

Signed-off-by: Samuel Thibault <address@hidden>
(from libslirp.git commit 126c04acbabd7ad32c2b018fe10dfac2a3bc1210)
(from libslirp.git commit e0be80430c390bce181ea04dfcdd6ea3dfa97de1)
*squash in e0be80 (clarifying comments)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 9efdbc0224a0edb05e109ad8e1f127b5ac004191
      
https://github.com/qemu/qemu/commit/9efdbc0224a0edb05e109ad8e1f127b5ac004191
  Author: Michael Roth <address@hidden>
  Date:   2019-10-01 (Tue, 01 Oct 2019)

  Changed paths:
    M slirp/ip_input.c

  Log Message:
  -----------
  slrip: ip_reass: Fix use after free

Using ip_deq after m_free might read pointers from an allocation reuse.

This would be difficult to exploit, but that is still related with
CVE-2019-14378 which generates fragmented IP packets that would trigger this
issue and at least produce a DoS.

Signed-off-by: Samuel Thibault <address@hidden>
(from libslirp.git commit c59279437eda91841b9d26079c70b8a540d41204)
Signed-off-by: Michael Roth <address@hidden>


  Commit: 920019e0e0e19c11c5b88adbab8b1b269f907709
      
https://github.com/qemu/qemu/commit/920019e0e0e19c11c5b88adbab8b1b269f907709
  Author: Michael Roth <address@hidden>
  Date:   2019-10-01 (Tue, 01 Oct 2019)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 3.1.1.1 release

Signed-off-by: Michael Roth <address@hidden>


Compare: https://github.com/qemu/qemu/compare/71049d2a7458...920019e0e0e1



reply via email to

[Prev in Thread] Current Thread [Next in Thread]