Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
xen.1589
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix....
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch of Package xen.1589
References: bsc#956832 CVE-2015-8345 From: Prasad J Pandit <address@hidden> Date: Fri, 16 Oct 2015 11:33:27 +0530 Subject: eepro100: prevent an infinite loop over same command block action_command() routine executes a chain of commands located in the Command Block List(CBL). Each Command Block(CB) has a link to the next CB in the list, given by 's->tx.link'. This is used in conjunction with the base address 's->cu_base'. An infinite loop unfolds if the 'link' to the next CB is same as the previous one, the loop ends up executing the same command over and over again. Reported-by: Qinghao Tang <address@hidden> Signed-off-by: Prasad J Pandit <address@hidden> --- hw/net/eepro100.c | 2 ++ 1 file changed, 2 insertions(+) Index: xen-4.4.3-testing/tools/qemu-xen-dir-remote/hw/net/eepro100.c =================================================================== --- xen-4.4.3-testing.orig/tools/qemu-xen-dir-remote/hw/net/eepro100.c +++ xen-4.4.3-testing/tools/qemu-xen-dir-remote/hw/net/eepro100.c @@ -863,6 +863,8 @@ static void action_command(EEPRO100State uint16_t ok_status = STATUS_OK; s->cb_address = s->cu_base + s->cu_offset; read_cb(s); + if (s->tx.link == s->cu_offset) + break; bit_el = ((s->tx.command & COMMAND_EL) != 0); bit_s = ((s->tx.command & COMMAND_S) != 0); bit_i = ((s->tx.command & COMMAND_I) != 0);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor