packet fix for for netware 3.11 (initial patch by Mark Jonckheere) - security bug fix
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1363 c046a42c-6fe2-441c-8c8c-71466251a162
This commit is contained in:
parent
d39c0b990a
commit
40545f84cf
12
hw/ne2000.c
12
hw/ne2000.c
@ -246,7 +246,7 @@ static void ne2000_receive(void *opaque, const uint8_t *buf, int size)
|
|||||||
static void ne2000_ioport_write(void *opaque, uint32_t addr, uint32_t val)
|
static void ne2000_ioport_write(void *opaque, uint32_t addr, uint32_t val)
|
||||||
{
|
{
|
||||||
NE2000State *s = opaque;
|
NE2000State *s = opaque;
|
||||||
int offset, page;
|
int offset, page, index;
|
||||||
|
|
||||||
addr &= 0xf;
|
addr &= 0xf;
|
||||||
#ifdef DEBUG_NE2000
|
#ifdef DEBUG_NE2000
|
||||||
@ -264,10 +264,18 @@ static void ne2000_ioport_write(void *opaque, uint32_t addr, uint32_t val)
|
|||||||
ne2000_update_irq(s);
|
ne2000_update_irq(s);
|
||||||
}
|
}
|
||||||
if (val & E8390_TRANS) {
|
if (val & E8390_TRANS) {
|
||||||
qemu_send_packet(s->nd, s->mem + (s->tpsr << 8), s->tcnt);
|
index = (s->tpsr << 8);
|
||||||
|
/* XXX: next 2 lines are a hack to make netware 3.11 work */
|
||||||
|
if (index >= NE2000_PMEM_END)
|
||||||
|
index -= NE2000_PMEM_SIZE;
|
||||||
|
/* fail safe: check range on the transmitted length */
|
||||||
|
if (index + s->tcnt <= NE2000_PMEM_END) {
|
||||||
|
qemu_send_packet(s->nd, s->mem + index, s->tcnt);
|
||||||
|
}
|
||||||
/* signal end of transfert */
|
/* signal end of transfert */
|
||||||
s->tsr = ENTSR_PTX;
|
s->tsr = ENTSR_PTX;
|
||||||
s->isr |= ENISR_TX;
|
s->isr |= ENISR_TX;
|
||||||
|
s->cmd &= ~E8390_TRANS;
|
||||||
ne2000_update_irq(s);
|
ne2000_update_irq(s);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user