[pve-devel] [PATCH kvm] Removing wrong CVE-2015-8619

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Jan 8 10:21:53 CET 2016 

It's not required and breaks 'sendkey' of combined keys such
as "ctrl-f1".
---
 debian/patches/CVE-2015-8619-hmp-oob-write.patch | 34 ------------------------
 debian/patches/series                            |  1 -
 2 files changed, 35 deletions(-)
 delete mode 100644 debian/patches/CVE-2015-8619-hmp-oob-write.patch

diff --git a/debian/patches/CVE-2015-8619-hmp-oob-write.patch b/debian/patches/CVE-2015-8619-hmp-oob-write.patch
deleted file mode 100644
index 1dd22d4..0000000
--- a/debian/patches/CVE-2015-8619-hmp-oob-write.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From b0363f4c0e91671064dd7ffece8a6923c8dcaf20 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp at fedoraproject.org>
-Date: Thu, 17 Dec 2015 17:47:15 +0530
-Subject: [PATCH] hmp: avoid redundant null termination of buffer
-
-When processing 'sendkey' command, hmp_sendkey routine null
-terminates the 'keyname_buf' array. This results in an OOB write
-issue, if 'keyname_len' was to fall outside of 'keyname_buf' array.
-Removed the redundant null termination, as pstrcpy routine already
-null terminates the target buffer.
-
-Reported-by: Ling Liu <liuling-it at 360.cn>
-Signed-off-by: Prasad J Pandit <pjp at fedoraproject.org>
----
-  hmp.c | 2 --
-  1 file changed, 2 deletions(-)
-
-diff --git a/hmp.c b/hmp.c
-index 2140605..e530c9c 100644
---- a/hmp.c
-+++ b/hmp.c
-@@ -1746,9 +1746,7 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
-         /* Be compatible with old interface, convert user inputted "<" */
-         if (!strncmp(keyname_buf, "<", 1) && keyname_len == 1) {
-             pstrcpy(keyname_buf, sizeof(keyname_buf), "less");
--            keyname_len = 4;
-         }
--        keyname_buf[keyname_len] = 0;
- 
-         keylist = g_malloc0(sizeof(*keylist));
-         keylist->value = g_malloc0(sizeof(*keylist->value));
--- 
-2.4.3
-===
diff --git a/debian/patches/series b/debian/patches/series
index 6b978ca..87a00ab 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -42,7 +42,6 @@ CVE-2015-7549-msix-pba-write-ro.patch
 CVE-2015-8558-ehci_make_idt_processing_more_robust.patch
 vmxnet3-host-memory-leakage.patch
 CVE-2015-8613-scsi-initialize-info-object.patch
-CVE-2015-8619-hmp-oob-write.patch
 CVE-2015-8666-acpi-fix-buffer-overrun-on-migration.patch
 CVE-2015-8701-net-rocker-off-by-one.patch
 CVE-2015-8743-ne2000-ioport-bounds-check.patch
-- 
2.1.4

More information about the pve-devel mailing list