Overview

File CVE-2016-5106-qemuu-scsi-megasas-out-of-bounds-write-while-setting-controller-properties.patch of Package xen.11298

References: bsc#982025 CVE-2016-5106 

When setting MegaRAID SAS controller properties via MegaRAID
Firmware Interface(MFI) commands, a user supplied size parameter
is used to set property value. Use appropriate size value to avoid
OOB access issues.

Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/scsi/megasas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
===================================================================
--- xen-4.5.3-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
+++ xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
@@ -1350,7 +1350,7 @@ static int megasas_dcmd_set_properties(M
                                             dcmd_size);
         return MFI_STAT_INVALID_PARAMETER;
     }
-    dma_buf_write((uint8_t *)&info, cmd->iov_size, &cmd->qsg);
+    dma_buf_write((uint8_t *)&info, dcmd_size, &cmd->qsg);
     trace_megasas_dcmd_unsupported(cmd->index, cmd->iov_size);
     return MFI_STAT_OK;
 }
openSUSE Build Service is sponsored by
Places