Gentoo's Bugzilla – Attachment 435380 Details for Bug 584126: <app-emulation/spice-0.12.7-r1: multiple vulnerabilities (CVE-2016-{0749,2150})
0068-improve-primary-surface-parameter-checks
0068-improve-primary-surface-parameter-checks.patch (text/plain), 1.36 KB, created by Kristian Fiskerstrand (RETIRED) on 2016-05-25 21:03:44 UTC
>From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 >From: Frediano Ziglio <fziglio@redhat.com> >Date: Mon, 29 Feb 2016 14:34:49 +0000 >Subject: [PATCH] improve primary surface parameter checks > >Primary surface, as additional surfaces, can be used to access >host memory from the guest using invalid parameters. > >Signed-off-by: Frediano Ziglio <fziglio@redhat.com> >--- > server/red_worker.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > >diff --git a/server/red_worker.c b/server/red_worker.c >index a7eaab9..f9179a6 100644 >--- a/server/red_worker.c >+++ b/server/red_worker.c >@@ -11380,6 +11380,15 @@ static void dev_create_primary_surface(RedWorker *worker, uint32_t surface_id, > spice_warn_if(((uint64_t)abs(surface.stride) * (uint64_t)surface.height) != > abs(surface.stride) * surface.height); > >+ /* surface can arrive from guest unchecked so make sure >+ * guest is not a malicious one and drop invalid requests >+ */ >+ if (!red_validate_surface(surface.width, surface.height, >+ surface.stride, surface.format)) { >+ spice_warning("wrong primary surface creation request"); >+ return; >+ } >+ > line_0 = (uint8_t*)get_virt(&worker->mem_slots, surface.mem, > surface.height * abs(surface.stride), > surface.group_id, &error);
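Review bot: the new red_validate_surface() check in dev_create_primary_surface() sits after the existing spice_warn_if() overflow test, so abs(surface.stride) and the stride-times-height product are still evaluated on unvalidated guest values first, and that overflow test only warns. Consider moving the validation above the spice_warn_if(), and either state in the comment that red_validate_surface() bounds the product later passed to get_virt() as `surface.height * abs(surface.stride)`, or make the overflow case a hard reject as well. The rejection path logs only "wrong primary surface creation request" and returns from a void function; including the rejected width, height, stride and format in the warning would make such requests easier to triage.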