Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.5575
CVE-2016-6834-qemuu-net-vmxnet3-an-infinite-loo...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-6834-qemuu-net-vmxnet3-an-infinite-loop-during-packet-fragmentation.patch of Package xen.5575
References: bsc#994421 CVE-2016-6834 Subject: net: check fragment length during fragmentation From: Prasad J Pandit pjp@fedoraproject.org Thu Aug 4 13:00:14 2016 +0530 Date: Tue Aug 9 11:45:30 2016 +0800: Git: ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 Network transport abstraction layer supports packet fragmentation. While fragmenting a packet, it checks for more fragments from packet length and current fragment length. It is susceptible to an infinite loop, if the current fragment length is zero. Add check to avoid it. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> CC: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com> Index: xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/net/vmxnet_tx_pkt.c =================================================================== --- xen-4.5.3-testing.orig/tools/qemu-xen-dir-remote/hw/net/vmxnet_tx_pkt.c +++ xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/net/vmxnet_tx_pkt.c @@ -543,7 +543,7 @@ static bool vmxnet_tx_pkt_do_sw_fragment fragment_offset += fragment_len; - } while (more_frags); + } while (fragment_len && more_frags); return true; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor