mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
39,317 Commits 50 Branches 394 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Petr Matousek 9f7c594c00 pcnet: force the buffer access to be in bounds during tx 
4096 is the maximum length per TMD and it is also currently the size of
the relay buffer pcnet driver uses for sending the packet data to QEMU
for further processing. With packet spanning multiple TMDs it can
happen that the overall packet size will be bigger than sizeof(buffer),
which results in memory corruption.

Fix this by only allowing to queue maximum sizeof(buffer) bytes.

This is CVE-2015-3209.

[Fixed 3-space indentation to QEMU's 4-space coding standard.
--Stefan]

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reported-by: Matt Tait <matttait@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-10 15:03:02 +01:00
audio
backends
Extend TPM TIS interface to support TPM 2
2015-05-31 20:29:02 +02:00
block
blkdebug: Simplify passing of Error through qemu_opts_foreach()
2015-06-09 07:40:23 +02:00
bsd-user
target-i386: use memory API to implement SMRAM
2015-06-05 17:36:39 +02:00
default-configs
ACPI: split CONFIG_ACPI into 4 pieces
2015-05-29 11:28:59 +01:00
disas
cris: remove unused cris_cond15 declarations
2015-03-19 11:11:55 +03:00
docs
pc, acpi, virtio, tpm
2015-06-04 18:33:24 +01:00
dtc @ 65cc4d2748
dtc: Update dtc / libfdt submodule to version 1.4.0
2015-06-03 23:56:49 +02:00
fpu
target-s390x: define default NaN values
2015-06-05 01:37:58 +02:00
fsdev
Fix typos in comments
2015-03-19 11:30:37 +03:00
gdb-xml
gdb-xml: Include XML for s390 vector registers
2015-05-27 17:52:03 +02:00
hw
pcnet: force the buffer access to be in bounds during tx
2015-06-10 15:03:02 +01:00
include
QemuOpts: Convert qemu_opt_foreach() to Error
2015-06-09 07:40:23 +02:00
libcacard
libcacard: do not use full paths for include files in the same dir
2015-04-30 16:05:48 +03:00
libdecnumber
linux-headers
update Linux headers from kvm/next
2015-06-05 19:45:13 +02:00
linux-user
target-i386: use memory API to implement SMRAM
2015-06-05 17:36:39 +02:00
migration
migration: Add qmp commands to set and query parameters
2015-05-07 18:31:53 +02:00
net
vhost-user: Improve -netdev/netdev_add/-net/... error reporting
2015-06-09 07:40:24 +02:00
pc-bios
Makefile.target: set icon for binary file on Mac OS X
2015-05-19 09:11:17 +01:00
pixman @ 87eea99e44
po
qapi
qapi: add dirty bitmap status
2015-05-29 12:53:12 +02:00
qga
qapi: Use 'struct' instead of 'type' in schema
2015-05-05 18:39:01 +02:00
qobject
json-parser: Accept 'null' in QMP
2015-05-11 08:59:07 -04:00
qom
qom: add object_property_add_const_link
2015-06-05 17:36:39 +02:00
roms
pseries: Update SLOF firmware image to qemu-slof-20150313
2015-03-25 22:49:45 +01:00
scripts
virtio-input: add linux/input.h
2015-05-29 10:30:06 +02:00
slirp
stubs
monitor: Change return type of monitor_cur_is_qmp() to bool
2015-06-02 10:07:16 +02:00
target-alpha
Revert "target-alpha: Add vector implementation for CMPBGE"
2015-05-22 12:30:13 +01:00
target-arm
target-arm: Remove v8_ prefix from names of non-v8-specific cpreg arrays
2015-06-02 15:32:43 +01:00
target-cris
cris: remove unused cris_cond15 declarations
2015-03-19 11:11:55 +03:00
target-i386
target-i386: use memory API to implement SMRAM
2015-06-05 17:36:39 +02:00
target-lm32
target-m68k
target-microblaze
microblaze: cpu: Delete MMAP_SHIFT definition
2015-06-03 14:21:23 +03:00
target-mips
kvm: introduce kvm_arch_msi_data_to_gsi
2015-06-02 14:56:25 +01:00
target-moxie
target-moxie: Fix warnings from Sparse (one-bit signed bitfield)
2015-03-19 11:11:55 +03:00
target-openrisc
openrisc: cpu: Remove unused cpu_get_pc
2015-04-30 16:06:18 +03:00
target-ppc
Patch queue for ppc - 2015-06-03
2015-06-04 14:04:14 +01:00
target-s390x
s390x/virtio-ccw: migration and virtio for 2.4
2015-06-09 11:07:41 +01:00
target-sh4
target-sparc
target-tricore
target-tricore: fix BOL_ST_H_LONGOFF using ld
2015-05-30 16:49:19 +02:00
target-unicore32
target-xtensa
tcg
tcg/optimize: rename tcg_constant_folding
2015-06-09 07:00:56 -07:00
tests
* KVM error improvement from Laurent
2015-06-08 15:57:41 +01:00
trace
ui
QemuOpts: Convert qemu_opt_foreach() to Error
2015-06-09 07:40:23 +02:00
util
QemuOpts: Convert qemu_opt_foreach() to Error
2015-06-09 07:40:23 +02:00
.exrc
.gitignore
gitignore: Ignore more .pod files.
2015-04-04 09:45:59 +03:00
.gitmodules
.mailmap
.travis.yml
accel.c
aio-posix.c
AioContext: acquire/release AioContext during aio_poll
2015-04-28 15:36:08 +02:00
aio-win32.c
AioContext: acquire/release AioContext during aio_poll
2015-04-28 15:36:08 +02:00
arch_init.c
migration: move dirty bitmap sync to ram_addr.h
2015-06-05 17:10:00 +02:00
async.c
iothread: release iothread around aio_poll
2015-04-28 15:36:08 +02:00
balloon.c
balloon: improve error msg when adding second device
2015-04-24 14:18:05 -04:00
block.c
qapi: add dirty bitmap status
2015-05-29 12:53:12 +02:00
blockdev-nbd.c
nbd: Fix up comment after commit e140177
2015-03-25 13:38:07 +01:00
blockdev.c
monitor: Use traditional command interface for HMP drive_del
2015-06-02 09:59:13 +02:00
blockjob.c
blockjob: Allow nested pause
2015-04-28 15:36:09 +02:00
bootdevice.c
misc: fix typos in copyright declaration
2015-03-26 14:21:43 +01:00
bt-host.c
bt-vhci.c
Changelog
CODING_STYLE
configure
Patch queue for ppc - 2015-06-03
2015-06-04 14:04:14 +01:00
COPYING
COPYING.LIB
coroutine-gthread.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
cpu-exec.c
cpus.c
icount: print a warning if there is no more deadline in sleep=no mode
2015-06-05 17:10:00 +02:00
cputlb.c
memory: replace cpu_physical_memory_reset_dirty() with test-and-clear
2015-06-05 17:10:00 +02:00
device_tree.c
device-tree: Make a common-obj
2015-06-03 14:21:24 +03:00
device-hotplug.c
disas.c
dma-helpers.c
range: remove useless inclusions
2015-04-30 16:05:48 +03:00
dump.c
exec.c
memory: replace cpu_physical_memory_reset_dirty() with test-and-clear
2015-06-05 17:10:00 +02:00
gdbstub.c
Revert "gdbstub: Do not kill target in system emulation mode"
2015-05-28 16:57:35 +01:00
HACKING
hmp-commands.hx
monitor: Use trad. command interface for HMP pcie_aer_inject_error
2015-06-02 09:59:13 +02:00
hmp.c
monitor: Use traditional command interface for HMP device_add
2015-06-02 09:59:13 +02:00
hmp.h
monitor: Use traditional command interface for HMP device_add
2015-06-02 09:59:13 +02:00
iohandler.c
ioport.c
- miscellaneous cleanups for TCG (Emilio) and NBD (Bogdan)
2015-04-30 12:04:11 +01:00
iothread.c
Remove various unused functions
2015-05-08 14:11:10 +03:00
kvm-all.c
kvm: remove special handling of DIRTY_MEMORY_MIGRATION in the dirty log mask
2015-06-05 17:09:59 +02:00
kvm-stub.c
LICENSE
main-loop.c
MAINTAINERS
Add David Gibson for sPAPR in MAINTAINERS file
2015-06-03 23:56:55 +02:00
Makefile
arch_init: Drop target-x86_64.conf
2015-06-02 15:15:52 -03:00
Makefile.objs
device-tree: Make a common-obj
2015-06-03 14:21:24 +03:00
Makefile.target
Makefile.target: set master BUILD_DIR
2015-06-05 17:09:58 +02:00
memory_mapping.c
memory.c
memory: use mr->ram_addr in "is this RAM?" assertions
2015-06-05 17:10:00 +02:00
module-common.c
monitor.c
monitor: Fix QMP ABI breakage around "id"
2015-06-08 12:12:11 +01:00
nbd.c
qemu-nbd: only send a limited number of errno codes on the wire
2015-05-08 14:45:11 +02:00
numa.c
QemuOpts: Convert qemu_opts_foreach() to Error
2015-06-09 07:37:37 +02:00
os-posix.c
rcu: do not create thread in pthread_atfork callback
2015-04-01 10:06:38 +02:00
os-win32.c
page_cache.c
qapi-schema.json
monitor: Convert client_migrate_info to QAPI
2015-06-02 09:59:13 +02:00
qdev-monitor.c
QemuOpts: Convert qemu_opt_foreach() to Error
2015-06-09 07:40:23 +02:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-char.c
qemu-char: remove unused list node from FDCharDriver
2015-04-30 16:05:49 +03:00
qemu-coroutine-io.c
coroutine-io: Return -errno in case of error
2015-03-18 12:07:21 +01:00
qemu-coroutine-lock.c
coroutine: remove unnecessary parentheses in qemu_co_queue_empty
2015-04-30 16:05:49 +03:00
qemu-coroutine-sleep.c
qemu-coroutine.c
qemu-doc.texi
raw-posix: Deprecate host floppy passthrough
2015-03-19 11:43:02 +01:00
qemu-img-cmds.hx
qemu-img.c
util: move read_password method out of qemu-img into osdep/oslib
2015-05-22 17:08:01 +02:00
qemu-img.texi
qemu-io-cmds.c
qemu-io: Use getopt() correctly
2015-05-22 17:08:01 +02:00
qemu-io.c
qemu-io: prompt for encryption keys when required
2015-05-22 17:08:01 +02:00
qemu-log.c
qemu-nbd.c
qemu-nbd: Switch to qemu_set_fd_handler
2015-06-05 17:09:58 +02:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx
* KVM error improvement from Laurent
2015-06-08 15:57:41 +01:00
qemu-seccomp.c
qemu-tech.texi
qemu-timer.c
qemu.nsi
qemu.sasl
qjson.c
QJSON: Use OBJECT_CHECK
2015-05-11 08:59:07 -04:00
qmp-commands.hx
monitor: Convert client_migrate_info to QAPI
2015-06-02 09:59:13 +02:00
qmp.c
qapi: Drop inline nested struct in query-version
2015-05-05 18:39:02 +02:00
qtest.c
qtest: pre-buffer hex nibs
2015-05-22 15:58:22 -04:00
README
rules.mak
rules.mak: Force CFLAGS for all objects in DSO
2015-05-08 14:45:11 +02:00
savevm.c
error: Replace error_report() & error_free() with error_report_err()
2015-03-19 11:11:55 +03:00
softmmu_template.h
tcg: Add MO_ALIGN, MO_UNALN
2015-05-14 12:15:18 -07:00
spice-qemu-char.c
spice: fix spice_chr_add_watch() pre-condition
2015-05-29 09:56:01 +02:00
tcg-runtime.c
tci.c
tcg: Mask TCGMemOp appropriately for indexing
2015-06-09 06:35:29 -07:00
thread-pool.c
thread-pool: clean up thread_pool_completion_bh()
2015-04-28 15:36:09 +02:00
thunk.c
tpm.c
QemuOpts: Convert qemu_opts_foreach() to Error
2015-06-09 07:37:37 +02:00
trace-events
spapr_iommu: Add separate trace points for PCI DMA operations
2015-06-03 23:56:51 +02:00
translate-all.c
translate-all: make less of tb_invalidate_phys_page_range depend on is_cpu_write_access
2015-06-05 17:09:59 +02:00
translate-all.h
translate-all: remove unnecessary argument to tb_invalidate_phys_range
2015-06-05 17:09:59 +02:00
user-exec.c
exec: move functions to translate-all.h
2015-06-05 17:09:59 +02:00
VERSION
Open 2.4 development tree
2015-04-25 22:05:07 +01:00
version.rc
vl.c
QemuOpts: Convert qemu_opt_foreach() to Error
2015-06-09 07:40:23 +02:00
xen-common-stub.c
xen-common.c
xen-hvm-stub.c
xen-hvm.c
memory: prepare for multiple bits in the dirty log mask
2015-06-05 17:09:59 +02:00
xen-mapcache.c

README 

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team
Description
No description provided
Readme 404 MiB
Languages
C 82.6%
C++ 6.5%
Python 3.4%
Dylan 2.9%
Shell 1.6%
Other 2.8%