summary refs log tree commit diff
path: root/gnu/packages/patches/qemu-CVE-2017-10806.patch
blob: ebf782fe7b1aaadd7ecbf65295ca69b3c1b7d75d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Fix CVE-2017-10806:

https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
https://bugzilla.redhat.com/show_bug.cgi?id=1468496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
https://security-tracker.debian.org/tracker/CVE-2017-10806

Patch copied from upstream source repository:

https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index b001a27f05..ad5ef783a6 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
 static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
     const uint8_t *data, int len)
 {
-    int i, j, n;
-
     if (dev->debug < usbredirparser_debug_data) {
         return;
     }
-
-    for (i = 0; i < len; i += j) {
-        char buf[128];
-
-        n = sprintf(buf, "%s", desc);
-        for (j = 0; j < 8 && i + j < len; j++) {
-            n += sprintf(buf + n, " %02X", data[i + j]);
-        }
-        error_report("%s", buf);
-    }
+    qemu_hexdump((char *)data, stderr, desc, len);
 }
 
 /*