Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
xen.10697
CVE-2016-6835-qemuu-net-vmxnet3-buffer-overflow...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-6835-qemuu-net-vmxnet3-buffer-overflow-in-vmxnet_tx_pkt_parse_headers.patch of Package xen.10697
References: bsc#994625 CVE-2016-6835 Vmxnet3 device emulator when parsing packet headers does not check for IP header length. It could lead to a OOB access when reading further packet data. Add check to avoid it. Reported-by: Li Qiang <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/net/vmxnet_tx_pkt.c | 5 +++++ 1 file changed, 5 insertions(+) Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/net/vmxnet_tx_pkt.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/net/vmxnet_tx_pkt.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/net/vmxnet_tx_pkt.c @@ -177,6 +177,11 @@ static bool vmxnet_tx_pkt_parse_headers( } l3_hdr->iov_len = IP_HDR_GET_LEN(l3_hdr->iov_base); + if(l3_hdr->iov_len < sizeof(struct ip_header)) + { + l3_hdr->iov_len = 0; + return false; + } pkt->l4proto = ((struct ip_header *) l3_hdr->iov_base)->ip_p; /* copy optional IPv4 header data */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor