* [Qemu-devel] [PATCH] virtio-gpu: fix information leak in getting capset info dispatch
From: Li Qiang @ 2016-11-01 9:53 UTC
To: kraxel, qemu-devel; +Cc: Li Qiang
From: Li Qiang <liqiang6-s@360.cn>
In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't
been fully initialized before writing to the guest. This will leak
the 'resp.padding' and 'resp.hdr.padding' fields to the guest. This
patch fixes this issue.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
---
hw/display/virtio-gpu-3d.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index 758d33a..23f39de 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,
VIRTIO_GPU_FILL_CMD(info);
+ memset(&resp, 0, sizeof(resp));
if (info.capset_index == 0) {
resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
virgl_renderer_get_cap_set(resp.capset_id,
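Review bot: The added memset clears all of resp, hdr included, so it has to run before every assignment into resp; the context shows resp.capset_id being set after it, but not where resp.hdr is filled in. Please confirm nothing writes resp.hdr ahead of this line, or zero the struct where it is declared so that a later reordering cannot bring the leak back. It would also help if the commit message said whether the other response handlers in this file were checked for the same pattern.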
--
1.8.3.1
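The pattern the commit message describes, as an added example that is not part of the original patch or of QEMU's code: a response struct whose padding fields are never assigned carries whatever bytes its storage already held when it is copied out. The struct layouts, the 0xA5 stale-byte fill, the field values and all function names are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the response layout (assumed; not QEMU's headers). */
struct demo_hdr  { uint32_t type; uint32_t padding; };
struct demo_resp { struct demo_hdr hdr; uint32_t capset_id; uint32_t padding; };

/* Fill only the meaningful fields, as the handler does. With zero_first set,
 * clear the whole struct first, which is what the patch adds. */
static void fill_resp(struct demo_resp *resp, int zero_first)
{
    if (zero_first) {
        memset(resp, 0, sizeof(*resp));
    }
    resp->hdr.type = 7;     /* constructed value */
    resp->capset_id = 1;    /* constructed value */
    /* hdr.padding and padding are never assigned. */
}

/* Count non-zero bytes among the n bytes at p. */
static size_t nonzero(const unsigned char *p, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        count += (p[i] != 0);
    }
    return count;
}

/* Return how many stale bytes would reach the guest via the padding fields. */
static size_t leaked_padding_bytes(int zero_first)
{
    struct demo_resp resp;
    unsigned char wire[sizeof(resp)];

    memset(&resp, 0xA5, sizeof(resp));   /* constructed "stale stack" contents */
    fill_resp(&resp, zero_first);
    memcpy(wire, &resp, sizeof(resp));   /* bytes copied out to the guest */

    size_t hdr_pad = offsetof(struct demo_resp, hdr) + offsetof(struct demo_hdr, padding);
    size_t pad = offsetof(struct demo_resp, padding);
    return nonzero(wire + hdr_pad, sizeof(uint32_t)) + nonzero(wire + pad, sizeof(uint32_t));
}

int main(void)
{
    printf("without memset: %zu stale bytes\n", leaked_padding_bytes(0));
    printf("with memset:    %zu stale bytes\n", leaked_padding_bytes(1));
    return 0;
}
```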
* Re: [Qemu-devel] [PATCH] virtio-gpu: fix information leak in getting capset info dispatch
From: Gerd Hoffmann @ 2016-11-01 11:13 UTC
To: Li Qiang; +Cc: qemu-devel, Li Qiang
On Tue, 2016-11-01 at 02:53 -0700, Li Qiang wrote:
> From: Li Qiang <liqiang6-s@360.cn>
>
> In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't
> been fully initialized before writing to the guest. This will leak
> the 'resp.padding' and 'resp.hdr.padding' fields to the guest. This
> patch fixes this issue.
>
> Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Added to vga queue.
thanks,
Gerd