|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [qemu-upstream-unstable] net: avoid infinite loop when receiving packets(CVE-2015-5278)
commit 8ad9e71fc937439730fa68e82d6da11a50eb5c04
Author: P J P <pjp@xxxxxxxxxxxxxxxxx>
AuthorDate: Tue Sep 15 16:46:59 2015 +0530
Commit: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
CommitDate: Tue Sep 15 13:43:47 2015 +0000
net: avoid infinite loop when receiving packets(CVE-2015-5278)
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.
upstream-commit-id: 737d2b3c41d59eb8f94ab7eb419b957938f24943
Reported-by: Qinghao Tang <luodalongde@xxxxxxxxx>
Signed-off-by: P J P <pjp@xxxxxxxxxxxxxxxxx>
Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
---
hw/net/ne2000.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
index 109ef4e..63f1960 100644
--- a/hw/net/ne2000.c
+++ b/hw/net/ne2000.c
@@ -256,7 +256,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t
*buf, size_t size_)
if (index <= s->stop)
avail = s->stop - index;
else
- avail = 0;
+ break;
len = size;
if (len > avail)
len = avail;
--
generated by git-patchbot for /home/xen/git/qemu-upstream-unstable.git
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |