mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-15 19:35:25 -05:00
54 lines
1.8 KiB
Diff
54 lines
1.8 KiB
Diff
|
Fix CVE-2017-8380:
|
||
|
|
||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8380
|
||
|
|
||
|
Patch copied from upstream source repository:
|
||
|
|
||
|
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
|
||
|
|
||
|
From 24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f Mon Sep 17 00:00:00 2001
|
||
|
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||
|
Date: Mon, 24 Apr 2017 17:36:34 +0530
|
||
|
Subject: [PATCH] scsi: avoid an off-by-one error in megasas_mmio_write
|
||
|
|
||
|
While reading magic sequence(MFI_SEQ) in megasas_mmio_write,
|
||
|
an off-by-one error could occur as 's->adp_reset' index is not
|
||
|
reset after reading the last sequence.
|
||
|
|
||
|
Reported-by: YY Z <bigbird475958471@gmail.com>
|
||
|
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||
|
Message-Id: <20170424120634.12268-1-ppandit@redhat.com>
|
||
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||
|
---
|
||
|
hw/scsi/megasas.c | 10 +++++-----
|
||
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
||
|
|
||
|
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
|
||
|
index 84b8caf901..804122ab05 100644
|
||
|
--- a/hw/scsi/megasas.c
|
||
|
+++ b/hw/scsi/megasas.c
|
||
|
@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
|
||
|
case MFI_SEQ:
|
||
|
trace_megasas_mmio_writel("MFI_SEQ", val);
|
||
|
/* Magic sequence to start ADP reset */
|
||
|
- if (adp_reset_seq[s->adp_reset] == val) {
|
||
|
- s->adp_reset++;
|
||
|
+ if (adp_reset_seq[s->adp_reset++] == val) {
|
||
|
+ if (s->adp_reset == 6) {
|
||
|
+ s->adp_reset = 0;
|
||
|
+ s->diag = MFI_DIAG_WRITE_ENABLE;
|
||
|
+ }
|
||
|
} else {
|
||
|
s->adp_reset = 0;
|
||
|
s->diag = 0;
|
||
|
}
|
||
|
- if (s->adp_reset == 6) {
|
||
|
- s->diag = MFI_DIAG_WRITE_ENABLE;
|
||
|
- }
|
||
|
break;
|
||
|
case MFI_DIAG:
|
||
|
trace_megasas_mmio_writel("MFI_DIAG", val);
|
||
|
--
|
||
|
2.13.0
|
||
|
|