Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
xen.1589
CVE-2015-8345-qemut-eepro100-infinite-loop-fix....
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch of Package xen.1589
References: bsc#956832 CVE-2015-8345 From: Prasad J Pandit <address@hidden> Date: Fri, 16 Oct 2015 11:33:27 +0530 Subject: eepro100: prevent an infinite loop over same command block action_command() routine executes a chain of commands located in the Command Block List(CBL). Each Command Block(CB) has a link to the next CB in the list, given by 's->tx.link'. This is used in conjunction with the base address 's->cu_base'. An infinite loop unfolds if the 'link' to the next CB is same as the previous one, the loop ends up executing the same command over and over again. Reported-by: Qinghao Tang <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/net/eepro100.c | 2 ++ 1 file changed, 2 insertions(+) Index: xen-4.4.3-testing/tools/qemu-xen-traditional-dir-remote/hw/eepro100.c =================================================================== --- xen-4.4.3-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/eepro100.c +++ xen-4.4.3-testing/tools/qemu-xen-traditional-dir-remote/hw/eepro100.c @@ -674,6 +674,8 @@ static void eepro100_cu_command(EEPRO100 next_command: cb_address = s->cu_base + s->cu_offset; cpu_physical_memory_read(cb_address, (uint8_t *) & tx, sizeof(tx)); + if (tx.link == s->cu_offset) + break; uint16_t status = le16_to_cpu(tx.status); uint16_t command = le16_to_cpu(tx.command); logout
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor