| commit | 7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755 | |
| author | P J P <pjp@fedoraproject.org> | |
| Tue, 15 Sep 2015 11:10:49 +0000 (15 16:40 +0530) | ||
| committer | Michael Roth <mdroth@linux.vnet.ibm.com> | |
| Mon, 21 Sep 2015 22:04:14 +0000 (21 17:04 -0500) | ||
| tree | 4dec735f76a2132c3e74d11d2f59cbbda7eeb6c9 | treesnapshot (tar.gz zip) |
| parent | 3a56af1fbc17ff453f6e90fb08ce0c0e6fd0b61b | commitdiff |
net: add checks to validate ring buffer pointers(CVE-2015-5279)
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 9bbdbc66e5765068dce76e9269dce4547afd8ad4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 9bbdbc66e5765068dce76e9269dce4547afd8ad4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
| hw/net/ne2000.c | diffblobblamehistory |