qemu/hw/net
P J P 9bbdbc66e5 net: add checks to validate ring buffer pointers(CVE-2015-5279)
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-15 12:51:14 +01:00
..
fsl_etsec typofixes - v4 2015-09-11 10:45:43 +03:00
rocker maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
Makefile.objs i.MX: Add FEC Ethernet Emulator 2015-09-07 10:39:30 +01:00
allwinner_emac.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
cadence_gem.c cadence_gem: Correct Marvell PHY SPCFC reset value 2015-09-08 17:38:45 +01:00
dp8393x.c net/dp8393x: do not use memory_region_init_rom_device with NULL 2015-07-28 09:30:10 +01:00
e1000.c e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815) 2015-09-15 12:51:02 +01:00
e1000_regs.h e1000: improve auto-negotiation reporting via mii-tool 2014-06-23 17:38:00 +03:00
eepro100.c eepro100: Drop nic_can_receive 2015-07-27 14:12:18 +01:00
etraxfs_eth.c etraxfs_eth: Drop eth_can_receive 2015-07-20 17:47:24 +01:00
imx_fec.c i.MX: Add FEC Ethernet Emulator 2015-09-07 10:39:30 +01:00
lan9118.c lan9118: Drop lan9118_can_receive 2015-07-20 17:47:24 +01:00
lance.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
mcf_fec.c hw/net: handle flow control in mcf_fec driver receiver 2015-07-28 11:27:53 +01:00
milkymist-minimac2.c milkymist-minimac2: Flush queued packets when link comes up 2015-07-27 14:12:18 +01:00
mipsnet.c mipsnet: Flush queued packets when receiving is enabled 2015-07-27 14:12:18 +01:00
ne2000-isa.c ne2000: Drop ne2000_can_receive 2015-09-02 14:51:07 +01:00
ne2000.c net: add checks to validate ring buffer pointers(CVE-2015-5279) 2015-09-15 12:51:14 +01:00
ne2000.h ne2000: Drop ne2000_can_receive 2015-09-02 14:51:07 +01:00
opencores_eth.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
pcnet-pci.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
pcnet.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
pcnet.h pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
rtl8139.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
smc91c111.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
spapr_llan.c spapr: Merge sPAPREnvironment into sPAPRMachineState 2015-07-07 17:44:50 +02:00
stellaris_enet.c stellaris_enet: Flush queued packets when read done 2015-07-27 14:12:18 +01:00
vhost_net.c virtio: avoid leading underscores for helpers 2015-09-10 11:06:05 +03:00
virtio-net.c virtio: avoid leading underscores for helpers 2015-09-10 11:06:05 +03:00
vmware_utils.h exec: Make stb_phys input an AddressSpace 2014-02-11 22:57:38 +10:00
vmxnet3.c vmxnet3: Drop net_vmxnet3_info.can_receive 2015-09-02 14:50:25 +01:00
vmxnet3.h vmxnet3: Eliminate __packed redefined warning 2013-09-06 17:25:55 +02:00
vmxnet_debug.h hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
vmxnet_rx_pkt.c net/vmxnet3: Refactor 'vmxnet_rx_pkt_attach_data' 2015-07-20 17:39:05 +01:00
vmxnet_rx_pkt.h net/vmxnet3: Refactor 'vmxnet_rx_pkt_attach_data' 2015-07-20 17:39:05 +01:00
vmxnet_tx_pkt.c misc: Use g_assert_not_reached for code which is expected to be unreachable 2013-07-27 11:22:54 +04:00
vmxnet_tx_pkt.h hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
xen_nic.c maint: remove unused include for signal.h 2015-09-11 10:21:38 +03:00
xgmac.c xgmac: Drop packets with eth_can_rx is false. 2015-07-27 14:12:18 +01:00
xilinx_axienet.c axienet: Flush queued packets when rx is done 2015-07-27 14:12:18 +01:00
xilinx_ethlite.c xilinx_ethlite: Clean up after commit 2f991ad 2015-03-10 08:15:33 +03:00