9pfs: fix information leak in xattr read

9pfs uses g_malloc() to allocate the xattr memory space, if the guest reads this memory before writing to it, this will leak host heap memory to the guest. This patch avoid this. Signed-off-by: N Li Qiang <liqiang6-s@360.cn> Reviewed-by: N Greg Kurz <groug@kaod.org> Signed-off-by: N Greg Kurz <groug@kaod.org>

9pfs: fix information leak in xattr read
9pfs uses g_malloc() to allocate the xattr memory space, if the guest reads this memory before writing to it, this will leak host heap memory to the guest. This patch avoid this. Signed-off-by: N Li Qiang <liqiang6-s@360.cn> Reviewed-by: N Greg Kurz <groug@kaod.org> Signed-off-by: N Greg Kurz <groug@kaod.org>
eb687602 · Li Qiang · Greg Kurz · 0e44a0fd · eb687602
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

hw/9pfs/9p.c hw/9pfs/9p.c +1 -1

未找到文件。
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3282,7 +3282,7 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
    xattr_fidp->fs.xattr.flags = flags;
    v9fs_string_init(&xattr_fidp->fs.xattr.name);
    v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
-    xattr_fidp->fs.xattr.value = g_malloc(size);
+    xattr_fidp->fs.xattr.value = g_malloc0(size);
    err = offset;
    put_fid(pdu, file_fidp);
 out_nofid: