diff options
author | Marius Bakke <mbakke@fastmail.com> | 2017-12-05 23:41:30 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-12-05 23:41:30 +0100 |
commit | 77181815ae70cf573b6fa390a4400b718835aa8a (patch) | |
tree | 731ccaaccc7a69ddc90f04bb71a6a39aa5f3be5a /gnu/packages/patches/spice-CVE-2016-9578-1.patch | |
parent | e3f9406b7c4b3b1afe3dd6affb7f7898434d607a (diff) | |
parent | 35377cfa908340e51fd22af7369aef15499d4a36 (diff) | |
download | guix-77181815ae70cf573b6fa390a4400b718835aa8a.tar guix-77181815ae70cf573b6fa390a4400b718835aa8a.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/spice-CVE-2016-9578-1.patch')
-rw-r--r-- | gnu/packages/patches/spice-CVE-2016-9578-1.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch deleted file mode 100644 index f86cdb4eb1..0000000000 --- a/gnu/packages/patches/spice-CVE-2016-9578-1.patch +++ /dev/null @@ -1,33 +0,0 @@ -Prevent possible DoS during protocol handshake. - -https://bugzilla.redhat.com/show_bug.cgi?id=1399566 -https://access.redhat.com/security/cve/CVE-2016-9578 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578 -https://security-tracker.debian.org/tracker/CVE-2016-9578 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a - -From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001 -From: Frediano Ziglio <fziglio@redhat.com> -Date: Tue, 13 Dec 2016 14:39:48 +0000 -Subject: Prevent possible DoS attempts during protocol handshake - -diff --git a/server/reds.c b/server/reds.c -index f40b65c..86a33d5 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque) - - reds->peer_minor_version = header->minor_version; - -- if (header->size < sizeof(SpiceLinkMess)) { -+ /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */ -+ if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) { - reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); - spice_warning("bad size %u", header->size); - reds_link_free(link); --- -cgit v0.10.2 - |