| commit | 737d2b3c41d59eb8f94ab7eb419b957938f24943 | |
| author | P J P <pjp@fedoraproject.org> | |
| Tue, 15 Sep 2015 11:16:59 +0000 (15 16:46 +0530) | ||
| committer | Stefan Hajnoczi <stefanha@redhat.com> | |
| Tue, 15 Sep 2015 11:51:14 +0000 (15 12:51 +0100) | ||
| tree | de751aa25c0ae9b3ddc10e5f142c3e703a4d991b | treesnapshot (tar.gz zip) |
| parent | 9bbdbc66e5765068dce76e9269dce4547afd8ad4 | commitdiff |
net: avoid infinite loop when receiving packets(CVE-2015-5278)
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| hw/net/ne2000.c | diffblobblamehistory |