Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
qemu
0196-net-avoid-infinite-loop-when-receiv.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0196-net-avoid-infinite-loop-when-receiv.patch of Package qemu
From 3f18ed404811b4bd0e67610d08ce776492cf9875 Mon Sep 17 00:00:00 2001 From: P J P <pjp@fedoraproject.org> Date: Tue, 15 Sep 2015 16:46:59 +0530 Subject: [PATCH] net: avoid infinite loop when receiving packets(CVE-2015-5278) Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process network packets. While receiving packets via ne2000_receive() routine, a local 'index' variable could exceed the ring buffer size, leading to an infinite loop situation. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: P J P <pjp@fedoraproject.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> (cherry picked from commit 737d2b3c41d59eb8f94ab7eb419b957938f24943) [BR: BSC#945989] Signed-off-by: Bruce Rogers <brogers@suse.com> --- hw/net/ne2000.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c index 4c32e9ec25..6eb5011829 100644 --- a/hw/net/ne2000.c +++ b/hw/net/ne2000.c @@ -253,7 +253,7 @@ ssize_t ne2000_receive(NetClientState *nc, const uint8_t *buf, size_t size_) if (index <= s->stop) avail = s->stop - index; else - avail = 0; + break; len = size; if (len > avail) len = avail;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor