mirror of https://github.com/proxmox/mirror_qemu
![]() AUD_add_capture() allocates two buffers which are never released.
Add the missing calls to AUD_del_capture().
Impact: Allows vnc clients to exhaust host memory by repeatedly
starting and stopping audio capture.
Fixes: CVE-2017-8309
Cc: P J P <ppandit@redhat.com>
Cc: Huawei PSIRT <PSIRT@huawei.com>
Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20170428075612.9997-1-kraxel@redhat.com
(cherry picked from commit
|
||
---|---|---|
.. | ||
Makefile.objs | ||
alsaaudio.c | ||
audio.c | ||
audio.h | ||
audio_int.h | ||
audio_pt_int.c | ||
audio_pt_int.h | ||
audio_template.h | ||
audio_win_int.c | ||
audio_win_int.h | ||
coreaudio.c | ||
dsound_template.h | ||
dsoundaudio.c | ||
mixeng.c | ||
mixeng.h | ||
mixeng_template.h | ||
noaudio.c | ||
ossaudio.c | ||
paaudio.c | ||
rate_template.h | ||
sdlaudio.c | ||
spiceaudio.c | ||
trace-events | ||
wavaudio.c | ||
wavcapture.c |