summary refs log tree commit diff
path: root/gnu/packages/patches/qemu-CVE-2015-5745.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2015-5745.patch')
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-5745.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2015-5745.patch b/gnu/packages/patches/qemu-CVE-2015-5745.patch
new file mode 100644
index 0000000000..2326279026
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-5745.patch
@@ -0,0 +1,32 @@
+From 7882080388be5088e72c425b02223c02e6cb4295 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Thu, 23 Jul 2015 17:52:02 +0300
+Subject: [PATCH] virtio-serial: fix ANY_LAYOUT
+
+Don't assume a specific layout for control messages.
+Required by virtio 1.
+
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Reviewed-by: Amit Shah <amit.shah@redhat.com>
+Reviewed-by: Jason Wang <jasowang@redhat.com>
+---
+ hw/char/virtio-serial-bus.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
+index 78c73e5..929e49c 100644
+--- a/hw/char/virtio-serial-bus.c
++++ b/hw/char/virtio-serial-bus.c
+@@ -195,7 +195,8 @@ static size_t send_control_msg(VirtIOSerial *vser, void *buf, size_t len)
+         return 0;
+     }
+ 
+-    memcpy(elem.in_sg[0].iov_base, buf, len);
++    /* TODO: detect a buffer that's too short, set NEEDS_RESET */
++    iov_from_buf(elem.in_sg, elem.in_num, 0, buf, len);
+ 
+     virtqueue_push(vq, &elem, len);
+     virtio_notify(VIRTIO_DEVICE(vser), vq);
+-- 
+2.4.3
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-22 23:51:01 +0000