File CVE-2017-10806-qemuu-usb-redirect-stack-buffer-overflow-in-debug-logging.patch of Package xen.6117
References: bsc#1047675 CVE-2017-10806
Subject: usb-redir: fix stack overflow in usbredir_log_data
From: Gerd Hoffmann kraxel@redhat.com Tue May 9 13:01:28 2017 +0200
Date: Fri May 12 12:26:40 2017 +0200:
Git: bd4a683505b27adc1ac809f71e918e58573d851d
Don't reinvent a broken wheel, just use the hexdump function we have.
Impact: low, broken code doesn't run unless you have debug logging
enabled.
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170509110128.27261-1-kraxel@redhat.com
Index: xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/usb/redirect.c
===================================================================
--- xen-4.5.5-testing.orig/tools/qemu-xen-dir-remote/hw/usb/redirect.c
+++ xen-4.5.5-testing/tools/qemu-xen-dir-remote/hw/usb/redirect.c
@@ -216,21 +216,10 @@ static void usbredir_log(void *priv, int
static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
const uint8_t *data, int len)
{
- int i, j, n;
-
if (dev->debug < usbredirparser_debug_data) {
return;
}
-
- for (i = 0; i < len; i += j) {
- char buf[128];
-
- n = sprintf(buf, "%s", desc);
- for (j = 0; j < 8 && i + j < len; j++) {
- n += sprintf(buf + n, " %02X", data[i + j]);
- }
- error_report("%s", buf);
- }
+ qemu_hexdump((char *)data, stderr, desc, len);
}
/*
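Review bot: In the added qemu_hexdump() call, the cast (char *)data discards the const qualifier of the const uint8_t *data parameter; prefer (const char *)data if the helper's prototype accepts it. On the same line, len is a signed int passed through without a check, so a guard such as "if (len < 0) return;" next to the existing debug-level test would keep a negative length away from the helper. The output also now goes directly to stderr instead of through error_report(), which changes where the debug data ends up and deserves a line in the commit message. Dropping the fixed char buf[128], which was filled by an unbounded sprintf() of desc plus up to eight " %02X" fields, does address the overflow itself.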