[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] ead315: net: check fragment length during fra
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] ead315: net: check fragment length during fragmentation |
Date: |
Tue, 09 Aug 2016 03:30:07 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
https://github.com/qemu/qemu/commit/ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
Author: Prasad J Pandit <address@hidden>
Date: 2016-08-09 (Tue, 09 Aug 2016)
Changed paths:
M hw/net/net_tx_pkt.c
Log Message:
-----------
net: check fragment length during fragmentation
Network transport abstraction layer supports packet fragmentation.
While fragmenting a packet, it checks for more fragments from
packet length and current fragment length. It is susceptible
to an infinite loop, if the current fragment length is zero.
Add check to avoid it.
Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Reviewed-by: Dmitry Fleytman <address@hidden>
CC: address@hidden
Signed-off-by: Jason Wang <address@hidden>
Commit: 6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
https://github.com/qemu/qemu/commit/6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
Author: Li Qiang <address@hidden>
Date: 2016-08-09 (Tue, 09 Aug 2016)
Changed paths:
M hw/net/vmxnet3.c
Log Message:
-----------
net: vmxnet3: check for device_active before write
Vmxnet3 device emulator does not check if the device is active,
before using it for write. It leads to a use after free issue,
if the vmxnet3_io_bar0_write routine is called after the device is
deactivated. Add check to avoid it.
Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Acked-by: Dmitry Fleytman <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
Commit: a0d1cbdacff5df4ded16b753b38fdd9da6092968
https://github.com/qemu/qemu/commit/a0d1cbdacff5df4ded16b753b38fdd9da6092968
Author: chaojianhu <address@hidden>
Date: 2016-08-09 (Tue, 09 Aug 2016)
Changed paths:
M hw/net/xilinx_ethlite.c
Log Message:
-----------
hw/net: Fix a heap overflow in xlnx.xps-ethernetlite
The .receive callback of xlnx.xps-ethernetlite doesn't check the length
of data before calling memcpy. As a result, the NetClientState object in
heap will be overflowed. All versions of qemu with xlnx.xps-ethernetlite
will be affected.
Reported-by: chaojianhu <address@hidden>
Signed-off-by: chaojianhu <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
Commit: ab861f3915e8667927cf18ad97f71cae7ccf8818
https://github.com/qemu/qemu/commit/ab861f3915e8667927cf18ad97f71cae7ccf8818
Author: Peter Maydell <address@hidden>
Date: 2016-08-09 (Tue, 09 Aug 2016)
Changed paths:
M hw/net/net_tx_pkt.c
M hw/net/vmxnet3.c
M hw/net/xilinx_ethlite.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into
staging
# gpg: Signature made Tue 09 Aug 2016 08:28:39 BST
# gpg: using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <address@hidden>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
hw/net: Fix a heap overflow in xlnx.xps-ethernetlite
net: vmxnet3: check for device_active before write
net: check fragment length during fragmentation
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/53279c76cf07...ab861f3915e8
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] ead315: net: check fragment length during fragmentation,
GitHub <=