diff options
author | Mark H Weaver <mhw@netris.org> | 2016-02-22 10:17:48 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-02-22 10:26:22 -0500 |
commit | 5879f0d649d5112830e8e712d8245ab8d2db5133 (patch) | |
tree | 23892214f17c572e80673111ecdfd7aef4f57dfa /gnu/packages/patches/qemu-CVE-2016-2197.patch | |
parent | b784b1a9ea2a72b600abfeae486edd0bcf3f8598 (diff) | |
download | guix-5879f0d649d5112830e8e712d8245ab8d2db5133.tar.gz |
gnu: qemu: Add fixes for CVE-2015-8619, CVE-2016-1981, CVE-2016-2197.
* gnu/packages/patches/qemu-CVE-2015-8619.patch, gnu/packages/patches/qemu-CVE-2016-1981.patch, gnu/packages/patches/qemu-CVE-2016-2197.patch, gnu/packages/patches/qemu-usb-ehci-oob-read.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/qemu.scm (qemu)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2016-2197.patch')
-rw-r--r-- | gnu/packages/patches/qemu-CVE-2016-2197.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2016-2197.patch b/gnu/packages/patches/qemu-CVE-2016-2197.patch new file mode 100644 index 0000000000..d851e1ec75 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2016-2197.patch @@ -0,0 +1,40 @@ +From: John Snow <jsnow@redhat.com> +Date: Wed, 10 Feb 2016 13:29:40 -0500 +Subject: [PATCH] ahci: Do not unmap NULL addresses + +Definitely don't try to unmap a garbage address. + +Reported-by: Zuozhi fzz <zuozhi.fzz@alibaba-inc.com> +Signed-off-by: John Snow <jsnow@redhat.com> +Message-id: 1454103689-13042-2-git-send-email-jsnow@redhat.com +(cherry picked from commit 99b4cb71069f109b79b27bc629fc0cf0886dbc4b) +--- + hw/ide/ahci.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c +index 17f1cbd..cdc9299 100644 +--- a/hw/ide/ahci.c ++++ b/hw/ide/ahci.c +@@ -661,6 +661,10 @@ static bool ahci_map_fis_address(AHCIDevice *ad) + + static void ahci_unmap_fis_address(AHCIDevice *ad) + { ++ if (ad->res_fis == NULL) { ++ DPRINTF(ad->port_no, "Attempt to unmap NULL FIS address\n"); ++ return; ++ } + dma_memory_unmap(ad->hba->as, ad->res_fis, 256, + DMA_DIRECTION_FROM_DEVICE, 256); + ad->res_fis = NULL; +@@ -677,6 +681,10 @@ static bool ahci_map_clb_address(AHCIDevice *ad) + + static void ahci_unmap_clb_address(AHCIDevice *ad) + { ++ if (ad->lst == NULL) { ++ DPRINTF(ad->port_no, "Attempt to unmap NULL CLB address\n"); ++ return; ++ } + dma_memory_unmap(ad->hba->as, ad->lst, 1024, + DMA_DIRECTION_FROM_DEVICE, 1024); + ad->lst = NULL; |