[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 9f7c59: pcnet: force the buffer access to be
|
From: |
GitHub |
|
Subject: |
[Qemu-commits] [qemu/qemu] 9f7c59: pcnet: force the buffer access to be in bounds dur... |
|
Date: |
Wed, 10 Jun 2015 08:00:08 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 9f7c594c006289ad41169b854d70f5da6e400a2a
https://github.com/qemu/qemu/commit/9f7c594c006289ad41169b854d70f5da6e400a2a
Author: Petr Matousek <address@hidden>
Date: 2015-06-10 (Wed, 10 Jun 2015)
Changed paths:
M hw/net/pcnet.c
Log Message:
-----------
pcnet: force the buffer access to be in bounds during tx
4096 is the maximum length per TMD and it is also currently the size of
the relay buffer pcnet driver uses for sending the packet data to QEMU
for further processing. With packet spanning multiple TMDs it can
happen that the overall packet size will be bigger than sizeof(buffer),
which results in memory corruption.
Fix this by only allowing to queue maximum sizeof(buffer) bytes.
This is CVE-2015-3209.
[Fixed 3-space indentation to QEMU's 4-space coding standard.
--Stefan]
Signed-off-by: Petr Matousek <address@hidden>
Reported-by: Matt Tait <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
Commit: e015fe008a3a8901913248cdb50c62dba795c588
https://github.com/qemu/qemu/commit/e015fe008a3a8901913248cdb50c62dba795c588
Author: Peter Maydell <address@hidden>
Date: 2015-06-10 (Wed, 10 Jun 2015)
Changed paths:
M hw/net/pcnet.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/stefanha/tags/CVE-2015-3209-pcnet-tx-buffer-fix-pull-request' into
staging
# gpg: Signature made Wed Jun 10 15:04:11 2015 BST using RSA key ID 81AB73C8
# gpg: Good signature from "Stefan Hajnoczi <address@hidden>"
# gpg: aka "Stefan Hajnoczi <address@hidden>"
* remotes/stefanha/tags/CVE-2015-3209-pcnet-tx-buffer-fix-pull-request:
pcnet: force the buffer access to be in bounds during tx
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/b0411142f482...e015fe008a3a
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 9f7c59: pcnet: force the buffer access to be in bounds dur...,
GitHub <=