Author: Li Qiang Date: Mon Oct 17 14:13:58 2016 +0200 9pfs: fix information leak in xattr read 9pfs uses g_malloc() to allocate the xattr memory space, if the guest reads this memory before writing to it, this will leak host heap memory to the guest. This patch avoid this. Signed-off-by: Li Qiang Reviewed-by: Greg Kurz Signed-off-by: Greg Kurz diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index 26aa7d5..bf23b01 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -3269,8 +3269,8 @@ static void coroutine_fn v9fs_xattrcreate(void *opaque) xattr_fidp->fs.xattr.flags = flags; v9fs_string_init(&xattr_fidp->fs.xattr.name); v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name); g_free(xattr_fidp->fs.xattr.value); - xattr_fidp->fs.xattr.value = g_malloc(size); + xattr_fidp->fs.xattr.value = g_malloc0(size); err = offset; put_fid(pdu, file_fidp); out_nofid: