mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw/net
History
Mauro Matteo Cascella 035e69b063 hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() 
An assertion failure issue was found in the code that processes network packets
while adding data fragments into the packet context. It could be abused by a
malicious guest to abort the QEMU process on the host. This patch replaces the
affected assert() with a conditional statement, returning false if the current
data fragment exceeds max_raw_frags.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry.fleytman@gmail.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-08-04 14:14:48 +08:00
..
can
fsl_etsec
rocker
allwinner_emac.c
allwinner-sun8i-emac.c
cadence_gem.c
net: cadence_gem: Fix RX address filtering
2020-06-18 21:05:52 +08:00
dp8393x.c
e1000_regs.h
e1000.c
e1000e_core.c
hw/net/e1000e: Do not abort() on invalid PSRCTL register value
2020-06-18 21:05:52 +08:00
e1000e_core.h
e1000e.c
e1000x_common.c
e1000x_common.h
eepro100.c
etraxfs_eth.c
ftgmac100.c
ftgmac100: fix dblac write test
2020-07-15 21:00:13 +08:00
i82596.c
i82596.h
imx_fec.c
Add a phy-num property to the i.MX FEC emulator
2020-07-03 16:59:41 +01:00
Kconfig
lan9118.c
sysbus: Convert to sysbus_realize() etc. with Coccinelle
2020-06-15 22:05:28 +02:00
lance.c
lasi_i82596.c
Makefile.objs
mcf_fec.c
milkymist-minimac2.c
mipsnet.c
msf2-emac.c
ne2000-isa.c
qom: Put name parameter before value / visitor parameter
2020-07-10 15:18:08 +02:00
ne2000-pci.c
ne2000.c
ne2000.h
net_rx_pkt.c
net_rx_pkt.h
net_tx_pkt.c
hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment()
2020-08-04 14:14:48 +08:00
net_tx_pkt.h
hw/net: Added plen fix for IPv6
2020-07-21 21:30:39 +08:00
opencores_eth.c
pcnet-pci.c
pcnet.c
pcnet.h
lance: replace PROP_PTR with PROP_LINK
2020-01-07 17:24:29 +04:00
rtl8139.c
smc91c111.c
spapr_llan.c
stellaris_enet.c
sungem.c
sunhme.c
trace-events
Add a phy-num property to the i.MX FEC emulator
2020-07-03 16:59:41 +01:00
tulip.c
hw/net/tulip: Log descriptor overflows
2020-06-18 21:05:51 +08:00
tulip.h
hw/net/tulip: Fix 'Descriptor Error' definition
2020-06-18 21:05:51 +08:00
vhost_net-stub.c
vhost_net: introduce set_config & get_config
2020-07-03 07:57:04 -04:00
vhost_net.c
vhost-vdpa: introduce vhost-vdpa backend
2020-07-07 07:59:51 -04:00
virtio-net.c
virtio-net: check the existence of peer before accessing vDPA config
2020-07-28 16:57:58 +08:00
vmware_utils.h
vmxnet3_defs.h
vmxnet3.c
vmxnet3.h
vmxnet_debug.h
xen_nic.c
xgmac.c
hw/net/xgmac: Fix buffer overflow in xgmac_enet_send()
2020-07-21 21:30:39 +08:00
xilinx_axienet.c
qom: Put name parameter before value / visitor parameter
2020-07-10 15:18:08 +02:00
xilinx_ethlite.c