mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw/net
History
P J P 9bbdbc66e5 net: add checks to validate ring buffer pointers(CVE-2015-5279) 
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-15 12:51:14 +01:00
..
fsl_etsec
typofixes - v4
2015-09-11 10:45:43 +03:00
rocker
maint: avoid useless "if (foo) free(foo)" pattern
2015-09-11 10:21:38 +03:00
allwinner_emac.c
cadence_gem.c
cadence_gem: Correct Marvell PHY SPCFC reset value
2015-09-08 17:38:45 +01:00
dp8393x.c
net/dp8393x: do not use memory_region_init_rom_device with NULL
2015-07-28 09:30:10 +01:00
e1000_regs.h
e1000.c
e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)
2015-09-15 12:51:02 +01:00
eepro100.c
eepro100: Drop nic_can_receive
2015-07-27 14:12:18 +01:00
etraxfs_eth.c
etraxfs_eth: Drop eth_can_receive
2015-07-20 17:47:24 +01:00
imx_fec.c
i.MX: Add FEC Ethernet Emulator
2015-09-07 10:39:30 +01:00
lan9118.c
lan9118: Drop lan9118_can_receive
2015-07-20 17:47:24 +01:00
lance.c
pcnet: Drop pcnet_can_receive
2015-07-27 14:12:18 +01:00
Makefile.objs
i.MX: Add FEC Ethernet Emulator
2015-09-07 10:39:30 +01:00
mcf_fec.c
hw/net: handle flow control in mcf_fec driver receiver
2015-07-28 11:27:53 +01:00
milkymist-minimac2.c
milkymist-minimac2: Flush queued packets when link comes up
2015-07-27 14:12:18 +01:00
mipsnet.c
mipsnet: Flush queued packets when receiving is enabled
2015-07-27 14:12:18 +01:00
ne2000-isa.c
ne2000: Drop ne2000_can_receive
2015-09-02 14:51:07 +01:00
ne2000.c
net: add checks to validate ring buffer pointers(CVE-2015-5279)
2015-09-15 12:51:14 +01:00
ne2000.h
ne2000: Drop ne2000_can_receive
2015-09-02 14:51:07 +01:00
opencores_eth.c
pcnet-pci.c
pcnet: Drop pcnet_can_receive
2015-07-27 14:12:18 +01:00
pcnet.c
pcnet: Drop pcnet_can_receive
2015-07-27 14:12:18 +01:00
pcnet.h
pcnet: Drop pcnet_can_receive
2015-07-27 14:12:18 +01:00
rtl8139.c
maint: avoid useless "if (foo) free(foo)" pattern
2015-09-11 10:21:38 +03:00
smc91c111.c
spapr_llan.c
spapr: Merge sPAPREnvironment into sPAPRMachineState
2015-07-07 17:44:50 +02:00
stellaris_enet.c
stellaris_enet: Flush queued packets when read done
2015-07-27 14:12:18 +01:00
vhost_net.c
virtio: avoid leading underscores for helpers
2015-09-10 11:06:05 +03:00
virtio-net.c
virtio: avoid leading underscores for helpers
2015-09-10 11:06:05 +03:00
vmware_utils.h
vmxnet3.c
vmxnet3: Drop net_vmxnet3_info.can_receive
2015-09-02 14:50:25 +01:00
vmxnet3.h
vmxnet_debug.h
vmxnet_rx_pkt.c
net/vmxnet3: Refactor 'vmxnet_rx_pkt_attach_data'
2015-07-20 17:39:05 +01:00
vmxnet_rx_pkt.h
net/vmxnet3: Refactor 'vmxnet_rx_pkt_attach_data'
2015-07-20 17:39:05 +01:00
vmxnet_tx_pkt.c
vmxnet_tx_pkt.h
xen_nic.c
maint: remove unused include for signal.h
2015-09-11 10:21:38 +03:00
xgmac.c
xgmac: Drop packets with eth_can_rx is false.
2015-07-27 14:12:18 +01:00
xilinx_axienet.c
axienet: Flush queued packets when rx is done
2015-07-27 14:12:18 +01:00
xilinx_ethlite.c