]> xenbits.xensource.com Git - qemu-upstream-4.6-testing.git/commit
projects / qemu-upstream-4.6-testing.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 574da08) | patch
net: avoid infinite loop when receiving packets(CVE-2015-5278) qemu-xen-4.6.0 qemu-xen-4.6.0-rc5
authorP J P <pjp@fedoraproject.org>
Tue, 15 Sep 2015 11:16:59 +0000 (16:46 +0530)
committerStefano Stabellini <stefano.stabellini@eu.citrix.com>
Tue, 15 Sep 2015 13:53:51 +0000 (13:53 +0000)
commitcc31b41210ed66b07822a8c534053273d249dbe6
tree424dd739f539df624798e017f43da2fb39d94d2ftree
parent574da08fa558c5d62ec97e2f6a73b12578cd33d6commit | diff
net: avoid infinite loop when receiving packets(CVE-2015-5278)

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.

upstream-commit-id: 737d2b3c41d59eb8f94ab7eb419b957938f24943

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
hw/net/ne2000.c diff | blob | history
Obsolete Upstream Qemu based repository for xen-4.6-testing