8c721a87ae
- Remove deprecated patch "work-around-SA_RESTART-race" (boo#982208) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0002-XXX-work-around-SA_RESTART-race-wit.patch 0003-qemu-0.9.0.cvs-binfmt.patch 0004-qemu-cvs-alsa_bitfield.patch 0005-qemu-cvs-alsa_ioctl.patch 0006-qemu-cvs-alsa_mmap.patch 0007-qemu-cvs-gettimeofday.patch 0008-qemu-cvs-ioctl_debug.patch 0009-qemu-cvs-ioctl_nodirection.patch 0010-block-vmdk-Support-creation-of-SCSI.patch 0011-linux-user-add-binfmt-wrapper-for-a.patch 0012-PPC-KVM-Disable-mmu-notifier-check.patch 0013-linux-user-fix-segfault-deadlock.patch 0014-linux-user-binfmt-support-host-bina.patch 0015-linux-user-Ignore-broken-loop-ioctl.patch 0016-linux-user-lock-tcg.patch 0017-linux-user-Run-multi-threaded-code-.patch 0018-linux-user-lock-tb-flushing-too.patch 0019-linux-user-Fake-proc-cpuinfo.patch 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0022-linux-user-XXX-disable-fiemap.patch 0023-slirp-nooutgoing.patch 0024-vnc-password-file-and-incoming-conn.patch 0025-linux-user-add-more-blk-ioctls.patch 0026-linux-user-use-target_ulong.patch 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch OBS-URL: https://build.opensuse.org/request/show/408549 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=305
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
From a4cae4158cc271ed4d55bc2e237030022f8edc16 Mon Sep 17 00:00:00 2001
|
|
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
Date: Thu, 7 Apr 2016 04:27:00 -0600
|
|
Subject: [PATCH] net: mipsnet: check packet length against buffer
|
|
|
|
When receiving packets over MIPSnet network device, it uses
|
|
receive buffer of size 1514 bytes. In case the controller
|
|
accepts large(MTU) packets, it could lead to memory corruption.
|
|
Add check to avoid it.
|
|
|
|
Reported by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
|
|
|
|
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
[BR: BSC#975136 CVE-2016-4002]
|
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
---
|
|
hw/net/mipsnet.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
|
|
index 740cd98..cf8b823 100644
|
|
--- a/hw/net/mipsnet.c
|
|
+++ b/hw/net/mipsnet.c
|
|
@@ -83,6 +83,9 @@ static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t si
|
|
if (!mipsnet_can_receive(nc))
|
|
return 0;
|
|
|
|
+ if (size >= sizeof(s->rx_buffer)) {
|
|
+ return 0;
|
|
+ }
|
|
s->busy = 1;
|
|
|
|
/* Just accept everything. */
|