net: add checks to validate ring buffer pointers(CVE-2015-5279) - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	P J P	2015-09-15 13:10:49 +0200
committer	Stefan Hajnoczi	2015-09-15 13:51:14 +0200
commit	9bbdbc66e5765068dce76e9269dce4547afd8ad4 (patch)
tree	be69a5ef5c32570fe2bdabac54ff824580a65208 /include/exec
parent	e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815) (diff)
download	qemu-9bbdbc66e5765068dce76e9269dce4547afd8ad4.tar.gz qemu-9bbdbc66e5765068dce76e9269dce4547afd8ad4.tar.xz qemu-9bbdbc66e5765068dce76e9269dce4547afd8ad4.zip

net: add checks to validate ring buffer pointers(CVE-2015-5279)

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process network packets. While receiving packets via ne2000_receive() routine, a local 'index' variable could exceed the ring buffer size, which could lead to a memory buffer overflow. Added other checks at initialisation. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: P J P <pjp@fedoraproject.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Diffstat (limited to 'include/exec')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: