Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3
xen
CVE-2015-5278-qemut-Infinite-loop-in-ne2000_rec...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch of Package xen
References: bsc#964947 CVE-2015-5278 Subject: net: avoid infinite loop when receiving packets(CVE-2015-5278) From: P J P pjp@fedoraproject.org Tue Sep 15 16:46:59 2015 +0530 Date: Tue Sep 15 12:51:14 2015 +0100: Git: 737d2b3c41d59eb8f94ab7eb419b957938f24943 Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152) bytes to process network packets. While receiving packets via ne2000_receive() routine, a local 'index' variable could exceed the ring buffer size, leading to an infinite loop situation. Reported-by: Qinghao Tang <luodalongde@gmail.com> Signed-off-by: P J P <pjp@fedoraproject.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Index: xen-4.6.0-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c =================================================================== --- xen-4.6.0-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c +++ xen-4.6.0-testing/tools/qemu-xen-traditional-dir-remote/hw/ne2000.c @@ -328,7 +328,7 @@ static void ne2000_receive(void *opaque, if (index <= s->stop) avail = s->stop - index; else - avail = 0; + break; len = size; if (len > avail) len = avail;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor