rpms / xen

Clone
Source Code
GIT

Blame qemu.trad.CVE-2017-8309.patch

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main private-20060208-sct-branch rawhide
  1.   ab3164079ee42ece7c49aecd70ee3d5e551f96f7
  2.   qemu.trad.CVE-2017-8309.patch
Blob History Raw
c3ef6d0 
From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001
c3ef6d0 
From: Gerd Hoffmann <kraxel@redhat.com>
c3ef6d0 
Date: Fri, 28 Apr 2017 09:56:12 +0200
c3ef6d0 
Subject: [PATCH] audio: release capture buffers
c3ef6d0
c3ef6d0 
AUD_add_capture() allocates two buffers which are never released.
c3ef6d0 
Add the missing calls to AUD_del_capture().
c3ef6d0
c3ef6d0 
Impact: Allows vnc clients to exhaust host memory by repeatedly
c3ef6d0 
starting and stopping audio capture.
c3ef6d0
c3ef6d0 
Fixes: CVE-2017-8309
c3ef6d0 
Cc: P J P <ppandit@redhat.com>
c3ef6d0 
Cc: Huawei PSIRT <PSIRT@huawei.com>
c3ef6d0 
Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
c3ef6d0 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
c3ef6d0 
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
c3ef6d0 
Message-id: 20170428075612.9997-1-kraxel@redhat.com
c3ef6d0 
---
c3ef6d0 
 audio/audio.c | 2 ++
c3ef6d0 
 1 file changed, 2 insertions(+)
c3ef6d0
c3ef6d0 
diff --git a/audio/audio.c b/audio/audio.c
c3ef6d0 
index c8898d8..beafed2 100644
c3ef6d0 
--- a/audio/audio.c
c3ef6d0 
+++ b/audio/audio.c
c3ef6d0 
@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
c3ef6d0 
                     sw = sw1;
c3ef6d0 
                 }
c3ef6d0 
                 LIST_REMOVE (cap, entries);
c3ef6d0 
+                qemu_free (cap->hw.mix_buf);
c3ef6d0 
+                qemu_free (cap->buf);
c3ef6d0 
                 qemu_free (cap);
c3ef6d0 
             }
c3ef6d0 
             return;
c3ef6d0 
--
c3ef6d0 
1.8.3.1
c3ef6d0
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.