gnu/packages/patches/qemu-CVE-2017-10664.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

Fix CVE-2017-10664:

https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
https://bugzilla.redhat.com/show_bug.cgi?id=1466190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664
https://security-tracker.debian.org/tracker/CVE-2017-10664

Patch copied from upstream source repository:

https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1

diff --git a/qemu-nbd.c b/qemu-nbd.c
index 9464a0461c..4dd3fd4732 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -581,6 +581,10 @@ int main(int argc, char **argv)
     sa_sigterm.sa_handler = termsig_handler;
     sigaction(SIGTERM, &sa_sigterm, NULL);
 
+#ifdef CONFIG_POSIX
+    signal(SIGPIPE, SIG_IGN);
+#endif
+
     module_call_init(MODULE_INIT_TRACE);
     qcrypto_init(&error_fatal);