net: add checks to validate ring buffer pointers(CVE-2015-5279)
commit9bbdbc66e5765068dce76e9269dce4547afd8ad4
authorP J P <pjp@fedoraproject.org>
Tue, 15 Sep 2015 11:10:49 +0000 (15 16:40 +0530)
committerStefan Hajnoczi <stefanha@redhat.com>
Tue, 15 Sep 2015 11:51:14 +0000 (15 12:51 +0100)
treebe69a5ef5c32570fe2bdabac54ff824580a65208
parentb947ac2bf26479e710489739c465c8af336599e7
net: add checks to validate ring buffer pointers(CVE-2015-5279)

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
hw/net/ne2000.c