File CVE-2016-2841-qemuu-ne2000-infinite-loop-in-ne2... of Package xen.8005

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-2841-qemuu-ne2000-infinite-loop-in-ne2000_receive.patch of Package xen.8005

References: bsc#969351 CVE-2016-2841

From: Prasad J Pandit <address@hidden>

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. Registers PSTART & PSTOP
define ring buffer size & location. Setting these registers
to invalid values could lead to infinite loop or OOB r/w
access issues. Add check to avoid it.

Reported-by: Yang Hongke <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/net/ne2000.c | 4 ++++
 1 file changed, 4 insertions(+)

Update per review:
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg05522.html

Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/net/ne2000.c
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/net/ne2000.c
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/net/ne2000.c
@@ -154,6 +154,10 @@ static int ne2000_buffer_full(NE2000Stat
 {
     int avail, index, boundary;
 
+    if (s->stop <= s->start) {
+        return 1;
+    }
+
     index = s->curpag << 8;
     boundary = s->boundary << 8;
     if (index < boundary)

Places

File CVE-2016-2841-qemuu-ne2000-infinite-loop-in-ne2000_receive.patch of Package xen.8005

Places