rpm/qemu
SHA256
1
0
Fork 0
forked from pool/qemu
Code Pull Requests Activity
75a96ee029
qemu/0041-net-mipsnet-check-packet-length-aga.patch
Andreas Färber 75a96ee029 Accepting request 408549 from home:algraf:branches:Virtualization 
- Remove deprecated patch "work-around-SA_RESTART-race" (boo#982208)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches dropped:
  0002-XXX-work-around-SA_RESTART-race-wit.patch
  0003-qemu-0.9.0.cvs-binfmt.patch
  0004-qemu-cvs-alsa_bitfield.patch
  0005-qemu-cvs-alsa_ioctl.patch
  0006-qemu-cvs-alsa_mmap.patch
  0007-qemu-cvs-gettimeofday.patch
  0008-qemu-cvs-ioctl_debug.patch
  0009-qemu-cvs-ioctl_nodirection.patch
  0010-block-vmdk-Support-creation-of-SCSI.patch
  0011-linux-user-add-binfmt-wrapper-for-a.patch
  0012-PPC-KVM-Disable-mmu-notifier-check.patch
  0013-linux-user-fix-segfault-deadlock.patch
  0014-linux-user-binfmt-support-host-bina.patch
  0015-linux-user-Ignore-broken-loop-ioctl.patch
  0016-linux-user-lock-tcg.patch
  0017-linux-user-Run-multi-threaded-code-.patch
  0018-linux-user-lock-tb-flushing-too.patch
  0019-linux-user-Fake-proc-cpuinfo.patch
  0020-linux-user-implement-FS_IOC_GETFLAG.patch
  0021-linux-user-implement-FS_IOC_SETFLAG.patch
  0022-linux-user-XXX-disable-fiemap.patch
  0023-slirp-nooutgoing.patch
  0024-vnc-password-file-and-incoming-conn.patch
  0025-linux-user-add-more-blk-ioctls.patch
  0026-linux-user-use-target_ulong.patch
  0027-block-Add-support-for-DictZip-enabl.patch
  0028-block-Add-tar-container-format.patch

OBS-URL: https://build.opensuse.org/request/show/408549
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=305
2016-07-14 15:50:35 +00:00

34 lines
1.1 KiB
Diff
Raw Blame History

From a4cae4158cc271ed4d55bc2e237030022f8edc16 Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Thu, 7 Apr 2016 04:27:00 -0600
Subject: [PATCH] net: mipsnet: check packet length against buffer
When receiving packets over MIPSnet network device, it uses
receive buffer of size 1514 bytes. In case the controller
accepts large(MTU) packets, it could lead to memory corruption.
Add check to avoid it.
Reported by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
[BR: BSC#975136 CVE-2016-4002]
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
hw/net/mipsnet.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
index 740cd98..cf8b823 100644
--- a/hw/net/mipsnet.c
+++ b/hw/net/mipsnet.c
@@ -83,6 +83,9 @@ static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t si
if (!mipsnet_can_receive(nc))
return 0;
+ if (size >= sizeof(s->rx_buffer)) {
+ return 0;
+ }
s->busy = 1;
/* Just accept everything. */
View Git Blame Copy Permalink