Overview

File 0069-scsi-mptconfig-fix-format-string.patch of Package qemu

From e820620341bc47a0d482069454b2e07a60739d48 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Wed, 31 Aug 2016 06:07:00 -0600
Subject: [PATCH] scsi: mptconfig: fix format string

When LSI SAS1068 Host Bus emulator builds configuration page
headers, the format string used in 'mptsas_config_manufacturing_1'
was wrong. It could lead to an invalid memory access.

Reported-by: Tom Victor <vv474172261@gmail.com>
Fix-suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
[BR: CVE-2016-7157 BSC#997860]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 hw/scsi/mptconfig.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/mptconfig.c b/hw/scsi/mptconfig.c
index 7071854..1ec895b 100644
--- a/hw/scsi/mptconfig.c
+++ b/hw/scsi/mptconfig.c
@@ -203,7 +203,7 @@ size_t mptsas_config_manufacturing_1(MPTSASState *s, uint8_t **data, int address
 {
     /* VPD - all zeros */
     return MPTSAS_CONFIG_PACK(1, MPI_CONFIG_PAGETYPE_MANUFACTURING, 0x00,
-                              "s256");
+                              "*s256");
 }
 
 static
openSUSE Build Service is sponsored by
Places