P J P
737d2b3c41
net: avoid infinite loop when receiving packets(CVE-2015-5278) ...
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-15 12:51:14 +01:00
2015-07-27 18:11:53 +03:00
2015-07-27 22:44:47 +03:00
2015-06-03 14:21:24 +03:00
2015-09-14 14:39:49 +01:00
2015-09-11 10:45:43 +03:00
2015-09-14 16:13:16 +01:00
2015-09-11 10:21:38 +03:00
2015-09-11 10:21:38 +03:00
2015-09-11 10:45:43 +03:00
2015-09-14 14:39:49 +01:00
2015-09-11 10:45:43 +03:00
2015-09-11 10:45:43 +03:00
2015-09-14 16:13:16 +01:00
2015-09-14 14:39:49 +01:00
2015-09-07 10:39:30 +01:00
2015-09-14 16:13:16 +01:00
2015-09-11 10:21:38 +03:00
2015-09-11 10:45:43 +03:00
2015-09-11 10:45:43 +03:00
2015-02-26 12:42:16 +01:00
2015-09-09 15:34:53 +02:00
2015-06-03 14:21:24 +03:00
2015-06-22 14:43:25 +01:00
2015-07-03 17:47:58 -03:00
2015-07-09 15:20:40 +02:00
2015-09-14 16:13:16 +01:00
2015-09-14 16:13:16 +01:00
2014-09-09 13:41:43 +02:00
2015-09-15 12:51:14 +01:00
2015-09-11 10:21:38 +03:00
2014-11-03 00:59:10 +03:00
2015-09-11 10:21:38 +03:00
2015-06-23 22:58:36 +02:00
2015-09-11 10:21:38 +03:00
2014-10-24 12:19:11 +01:00
2015-09-14 16:13:16 +01:00
2015-09-11 10:59:47 +03:00
2015-09-14 16:13:16 +01:00
2015-09-11 10:45:43 +03:00
2015-09-13 23:08:51 +02:00
2015-09-07 10:39:28 +01:00
2015-09-09 15:34:53 +02:00
2015-09-09 15:34:53 +02:00
2015-09-07 10:39:27 +01:00
2015-09-07 10:39:30 +01:00
2015-09-11 10:21:38 +03:00
2014-11-02 10:04:34 +03:00
2015-06-03 14:21:24 +03:00
2015-09-11 10:21:38 +03:00
2015-09-11 10:45:43 +03:00
2015-09-11 11:03:42 +03:00
2015-09-11 10:21:38 +03:00
2015-09-11 10:45:43 +03:00
2014-10-20 14:02:25 +02:00
2015-03-10 08:15:33 +03:00
2015-08-13 14:08:30 +03:00
737d2b3c41