File CVE-2016-8669-qemut-char-divide-by-zero-error-i... of Package xen

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch of Package xen (Revision 3d6ed0dacb5833fc9da7ef83dca95825)

Currently displaying revision 3d6ed0dacb5833fc9da7ef83dca95825 , Show latest

References: bsc#1005005 CVE-2016-8669

16550A UART device uses an oscillator to generate frequencies
(baud base), which decide communication speed. This speed could
be changed by dividing it by a divider. If the divider is
greater than the baud base, speed is set to zero, leading to a
divide by zero error. Add check to avoid it.

Reported-by: Huawei PSIRT <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/char/serial.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Update per
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02400.html

Index: xen-4.7.0-testing/tools/qemu-xen-traditional-dir-remote/hw/serial.c
===================================================================
--- xen-4.7.0-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/serial.c
+++ xen-4.7.0-testing/tools/qemu-xen-traditional-dir-remote/hw/serial.c
@@ -227,8 +227,9 @@ static void serial_update_parameters(Ser
     int speed, parity, data_bits, stop_bits, frame_size;
     QEMUSerialSetParams ssp;
 
-    if (s->divider == 0)
+    if (s->divider == 0 || s->divider > s->baudbase) {
         return;
+    }
 
     frame_size = 1;
     if (s->lcr & 0x08) {

Places

File CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch of Package xen (Revision 3d6ed0dacb5833fc9da7ef83dca95825)

Places