Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
xen.3265
CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-i...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch of Package xen.3265
References: bsc#962360 CVE-2015-7512 Backends could provide a packet whose length is greater than buffer size. Check for this and truncate the packet to avoid rx buffer overflow in this case. Cc: Prasad J Pandit <address@hidden> Cc: address@hidden Signed-off-by: Jason Wang <address@hidden> --- hw/net/pcnet.c | 6 ++++++ 1 file changed, 6 insertions(+) Index: xen-4.4.3-testing/tools/qemu-xen-dir-remote/hw/net/pcnet.c =================================================================== --- xen-4.4.3-testing.orig/tools/qemu-xen-dir-remote/hw/net/pcnet.c +++ xen-4.4.3-testing/tools/qemu-xen-dir-remote/hw/net/pcnet.c @@ -1087,6 +1087,12 @@ ssize_t pcnet_receive(NetClientState *nc int pktcount = 0; if (!s->looptest) { + if (size > 4092) { +#ifdef PCNET_DEBUG_RMD + fprintf(stderr, "pcnet: truncates rx packet.\n"); +#endif + size = 4092; + } memcpy(src, buf, size); /* no need to compute the CRC */ src[size] = 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor