Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.7653
CVE-2015-8743-qemut-ne2000-OOB-memory-access-in...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2015-8743-qemut-ne2000-OOB-memory-access-in-ioport-rw-functions.patch of Package xen.7653
From: Prasad J Pandit <address@hidden> While doing ioport r/w operations, ne2000 device emulation suffers from OOB r/w errors. Update respective array bounds check to avoid OOB access. Reported-by: Ling Liu <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/ne2000.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) Updated as per review in -> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04863.html Index: xen-4.5.2-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c =================================================================== --- xen-4.5.2-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c +++ xen-4.5.2-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c @@ -541,7 +541,8 @@ static inline void ne2000_mem_writel(NE2 { addr &= ~1; /* XXX: check exact behaviour if not even */ if (addr < 32 || - (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE - 2)) { + (addr >= NE2000_PMEM_START && + addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) { cpu_to_le32wu((uint32_t *)(s->mem + addr), val); } } @@ -571,7 +572,8 @@ static inline uint32_t ne2000_mem_readl( { addr &= ~1; /* XXX: check exact behaviour if not even */ if (addr < 32 || - (addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE - 2)) { + (addr >= NE2000_PMEM_START && + addr + sizeof(uint32_t) <= NE2000_MEM_SIZE)) { return le32_to_cpupu((uint32_t *)(s->mem + addr)); } else { return 0xffffffff;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor