b87fe0a367
loop in ne2000_receive CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch - Use system qemu instead of building/installing yet another qemu FATE#320638 - Dropped files qemu-xen-dir-remote.tar.bz2 CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch qemu-xen-enable-spice-support.patch qemu-xen-upstream-qdisk-cache-unsafe.patch tigervnc-long-press.patch - bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun on incoming migration OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=408
35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
References: bsc#969351 CVE-2016-2841
|
|
|
|
From: Prasad J Pandit <address@hidden>
|
|
|
|
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
|
|
bytes to process network packets. Registers PSTART & PSTOP
|
|
define ring buffer size & location. Setting these registers
|
|
to invalid values could lead to infinite loop or OOB r/w
|
|
access issues. Add check to avoid it.
|
|
|
|
Reported-by: Yang Hongke <address@hidden>
|
|
Signed-off-by: Prasad J Pandit <address@hidden>
|
|
---
|
|
hw/net/ne2000.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
Update per review:
|
|
-> https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg05522.html
|
|
|
|
Index: xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c
|
|
===================================================================
|
|
--- xen-4.6.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c
|
|
+++ xen-4.6.1-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c
|
|
@@ -202,6 +202,10 @@ static int ne2000_buffer_full(NE2000Stat
|
|
{
|
|
int avail, index, boundary;
|
|
|
|
+ if (s->stop <= s->start) {
|
|
+ return 1;
|
|
+ }
|
|
+
|
|
index = s->curpag << 8;
|
|
boundary = s->boundary << 8;
|
|
if (index < boundary)
|