xenbits.xensource.com Git - qemu-xen-unstable.git/commit
net: pcnet: add check to validate receive data size(CVE-2015-7504)
author Ian Jackson <ian.jackson@eu.citrix.com>
Wed, 9 Dec 2015 11:47:35 +0000 (11:47 +0000)
committer Ian Jackson <Ian.Jackson@eu.citrix.com>
Wed, 9 Dec 2015 11:47:35 +0000 (11:47 +0000)
commit 91c15bfaec1764ce2896a393eabee1183afe1130
tree 4bf5e8d86b2306ea4fa87f9a8b4b1c26e636fff0
parent bc00cad75d8bcc3ba696992bec219c21db8406aa
net: pcnet: add check to validate receive data size(CVE-2015-7504)

In loopback mode, pcnet_receive routine appends CRC code to the
receive buffer. If the data size given is same as the buffer size,
the appended CRC code overwrites 4 bytes after s->buffer. Added a
check to avoid that.

This is XSA-162.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
hw/pcnet.c
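
The length condition the commit message describes, as an added C model; it is not the QEMU source or the patch itself. The struct, function names, the 4096-byte buffer size and the `guard` field are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 4096u  /* assumed receive-buffer size for this model */
#define CRC_LEN  4u     /* CRC appended to the frame in loopback mode */

/* Hypothetical device state: 'guard' stands in for whatever field
 * sits directly after the receive buffer in memory. */
struct nic_model {
    uint8_t  buffer[BUF_SIZE];
    uint32_t guard;
};

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). */
uint32_t crc32_calc(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* How many CRC bytes would land past the end of the buffer if a
 * frame of 'size' bytes were accepted without a length check. */
size_t crc_bytes_past_buffer(size_t size)
{
    size_t end = size + CRC_LEN;
    return end > BUF_SIZE ? end - BUF_SIZE : 0;
}

/* Loopback receive with the length check: returns the number of
 * bytes stored (data + CRC), or -1 if the CRC would not fit. */
int loopback_receive(struct nic_model *s, const uint8_t *data, size_t size)
{
    if (size > BUF_SIZE - CRC_LEN)
        return -1;                      /* reject before any copy */
    uint32_t crc = crc32_calc(data, size);
    memcpy(s->buffer, data, size);
    memcpy(s->buffer + size, &crc, CRC_LEN); /* host byte order in this model */
    return (int)(size + CRC_LEN);
}
```

The check compares against the buffer size minus the CRC length, so a frame that exactly fills the buffer is rejected rather than accepted with its CRC written into the adjacent field.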