vapier 14/04/19 17:41:33 Added: qemu-9999-virtfs-proxy-helper-accept.patch Log: Fix by Tim Comer for stack overflow in virtfs-proxy-helper #486714. (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key D2E96200)
Revision Changes Path 1.1 app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-emulation/qemu/files/qemu-9999-virtfs-proxy-helper-accept.patch?rev=1.1&content-type=text/plain Index: qemu-9999-virtfs-proxy-helper-accept.patch =================================================================== >From c5970614489e385e69667f1f323421442a7a46c0 Mon Sep 17 00:00:00 2001 From: Tim Comer <[email protected]> Date: Sat, 19 Apr 2014 12:51:42 -0400 Subject: [PATCH] virtfs-proxy-helper: fix call to accept The current code calls accept() without initializing the size parameter which means the accept call might write too much to the stack. URL: https://bugs.gentoo.org/486714 Signed-off-by: Tim Comer <[email protected]> Signed-off-by: Mike Frysinger <[email protected]> --- fsdev/virtfs-proxy-helper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fsdev/virtfs-proxy-helper.c b/fsdev/virtfs-proxy-helper.c index bfecb87..cd291d3 100644 --- a/fsdev/virtfs-proxy-helper.c +++ b/fsdev/virtfs-proxy-helper.c @@ -760,6 +760,7 @@ static int proxy_socket(const char *path, uid_t uid, gid_t gid) return -1; } + size = sizeof(qemu); client = accept(sock, (struct sockaddr *)&qemu, &size); if (client < 0) { do_perror("accept"); -- 1.9.2
