Skip to content
Permalink
Browse files Browse the repository at this point in the history
nbd/client: fix drop_sync [CVE-2017-2630]
Comparison symbol is misused. It may lead to memory corruption.
Introduced in commit 7d3123e.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20170203154757.36140-6-vsementsov@virtuozzo.com>
[eblake: add CVE details, update conditional]
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20170307151627.27212-1-eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  • Loading branch information
Vladimir Sementsov-Ogievskiy authored and bonzini committed Mar 14, 2017
1 parent b31f841 commit 2563c9c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion nbd/client.c
Expand Up @@ -94,7 +94,7 @@ static ssize_t drop_sync(QIOChannel *ioc, size_t size)
char small[1024];
char *buffer;

buffer = sizeof(small) < size ? small : g_malloc(MIN(65536, size));
buffer = sizeof(small) >= size ? small : g_malloc(MIN(65536, size));
while (size > 0) {
ssize_t count = read_sync(ioc, buffer, MIN(65536, size));

Expand Down

0 comments on commit 2563c9c

Please sign in to comment.