9pfs: fix information leak in xattr read

9pfs uses g_malloc() to allocate the xattr memory space, if the guest reads this memory before writing to it, this will leak host heap memory to the guest. This patch avoid this. Signed-off-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Greg Kurz <groug@kaod.org> Signed-off-by: Greg Kurz <groug@kaod.org>
2016-10-17 14:13:58 +02:00 · 2016-10-17 14:13:58 +02:00 · eb68760285
commit eb68760285
parent 0e44a0fd3f
1 changed files with 1 additions and 1 deletions
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@ -3282,7 +3282,7 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque)
    xattr_fidp->fs.xattr.flags = flags;
    v9fs_string_init(&xattr_fidp->fs.xattr.name);
    v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);
-    xattr_fidp->fs.xattr.value = g_malloc(size);
+    xattr_fidp->fs.xattr.value = g_malloc0(size);
    err = offset;
    put_fid(pdu, file_fidp);
 out_nofid: