From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket
Date: Wed, 24 Sep 2014 03:40:53 -0700

On 23 September 2014 09:50, Michael Tokarev <address@hidden> wrote:
> 18.09.2014 10:35, Petr Matousek wrote:
>> When guest sends udp packet with source port and source addr 0,
>> uninitialized socket is picked up when looking for matching and already
>> created udp sockets, and later passed to sosendto() where NULL pointer
>> dereference is hit during so->slirp->vnetwork_mask.s_addr access.
>>
>> Fix this by checking that the socket is not just a socket stub.
>>
>> This is CVE-2014-3640.
>>
>> Signed-off-by: Petr Matousek <address@hidden>
>> Reported-by: Xavier Mehrenberger <address@hidden>
>> Reported-by: Stephane Duverger <address@hidden>
>
> Reviewed-by: Michael Tokarev <address@hidden>

Applied to master, thanks.

-- PMM
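
A simplified C model of the lookup pattern the quoted commit message describes, added here as an illustration; it is not the QEMU patch or slirp code. The struct and function names, and the one-entry lookup cache that starts out pointing at the stub, are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
struct stack { uint32_t vnetwork_mask; };   /* all names here are hypothetical */
struct sock {
    struct sock *next;
    struct stack *owner;    /* NULL in the zero-filled list-head stub */
    uint32_t laddr;         /* source address the socket was created for */
    uint16_t lport;         /* source port the socket was created for */
};

struct udp_table {
    struct sock head;       /* stub that anchors the list, never a real socket */
    struct sock *last;      /* assumed one-entry lookup cache, starts at the stub */
};

void table_init(struct udp_table *t)
{
    t->head = (struct sock){ .next = &t->head };   /* addr 0, port 0, owner NULL */
    t->last = &t->head;
}

void table_add(struct udp_table *t, struct sock *s)
{
    s->next = t->head.next;
    t->head.next = s;
}

static struct sock *walk(struct udp_table *t, uint32_t src, uint16_t sport)
{
    for (struct sock *so = t->head.next; so != &t->head; so = so->next)
        if (so->laddr == src && so->lport == sport)
            return t->last = so;
    return NULL;            /* a caller would create a new socket here */
}

/* Before: a packet with source addr 0 and port 0 matches the stub's zero fields. */
struct sock *lookup_unchecked(struct udp_table *t, uint32_t src, uint16_t sport)
{
    struct sock *so = t->last;
    return (so->laddr == src && so->lport == sport) ? so : walk(t, src, sport);
}

/* After: the cached entry is trusted only when it is not the stub. */
struct sock *lookup_checked(struct udp_table *t, uint32_t src, uint16_t sport)
{
    struct sock *so = t->last;
    return (so != &t->head && so->laddr == src && so->lport == sport)
               ? so : walk(t, src, sport);
}
```

In this model the unchecked lookup hands back a socket whose `owner` is NULL, so any later `so->owner->vnetwork_mask` access would fault, which is the shape of the dereference the commit message names.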
