e8e880a72e
The emulated network cards in QEMU allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the slirp's default MTU, which triggers a heap-based buffer overflow in the slirp library. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5920 c046a42c-6fe2-441c-8c8c-71466251a162 |
||
|---|---|---|
| .. | ||
| bootp.c | ||
| bootp.h | ||
| cksum.c | ||
| COPYRIGHT | ||
| ctl.h | ||
| debug.c | ||
| debug.h | ||
| icmp_var.h | ||
| if.c | ||
| if.h | ||
| ip_icmp.c | ||
| ip_icmp.h | ||
| ip_input.c | ||
| ip_output.c | ||
| ip.h | ||
| libslirp.h | ||
| main.h | ||
| mbuf.c | ||
| mbuf.h | ||
| misc.c | ||
| misc.h | ||
| sbuf.c | ||
| sbuf.h | ||
| slirp_config.h | ||
| slirp.c | ||
| slirp.h | ||
| socket.c | ||
| socket.h | ||
| tcp_input.c | ||
| tcp_output.c | ||
| tcp_subr.c | ||
| tcp_timer.c | ||
| tcp_timer.h | ||
| tcp_var.h | ||
| tcp.h | ||
| tcpip.h | ||
| tftp.c | ||
| tftp.h | ||
| udp.c | ||
| udp.h | ||