xemu/hw/net
Jason Wang b1d80d12c5 pcnet: fix possible buffer overflow
In pcnet_receive(), we try to assign size_ to size which converts from
size_t to integer. This will cause troubles when size_ is greater
INT_MAX, this will lead a negative value in size and it can then pass
the check of size < MIN_BUF_SIZE which may lead out of bound access
for both buf and buf1.

Fixing by converting the type of size to size_t.

CC: qemu-stable@nongnu.org
Reported-by: Daniel Shapira <daniel@twistlock.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-10-19 11:15:04 +08:00
..
can hw/net/can: Fix segfaults when using the devices without bus 2018-03-26 14:37:13 +02:00
fsl_etsec etsec: fix IRQ (un)masking 2018-07-16 11:18:09 +10:00
rocker compiler: add a sizeof_field() macro 2018-06-27 13:01:40 +01:00
allwinner_emac.c qapi: Change Netdev into a flat union 2016-07-19 20:18:02 +02:00
cadence_gem.c net: cadence_gem: Implement support for 64bit descriptor addresses 2018-10-16 17:13:50 +01:00
dp8393x.c hw/net/dp8393x: don't make prom region 'nomigrate' 2018-07-09 14:51:35 +01:00
e1000_regs.h e1000: Rename the SEC symbol to SEQEC 2017-09-08 08:17:37 +08:00
e1000.c e1000: Choose which set of props to migrate 2018-04-10 11:30:03 +08:00
e1000e_core.c e1000e: Prevent MSI/MSI-X storms 2018-07-20 08:30:48 +08:00
e1000e_core.h e1000e: Prevent MSI/MSI-X storms 2018-07-20 08:30:48 +08:00
e1000e.c hw/net: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
e1000x_common.c hw/net: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
e1000x_common.h e1000, e1000e: Move per-packet TX offload flags out of context state 2017-12-22 09:53:23 +08:00
eepro100.c hw/net: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
etraxfs_eth.c hw/net/etraxfs_eth: Convert printf() calls to trace events 2018-06-29 15:04:18 +01:00
ftgmac100.c ftgmac100: remove check on runt messages 2018-06-08 13:15:32 +01:00
imx_fec.c fsl-imx6: Swap Ethernet interrupt defines 2018-03-19 18:23:24 +00:00
lan9118.c lan9118: use inline net_crc32() and bitshift instead of compute_mcast_idx() 2017-12-22 10:01:27 +08:00
lance.c hw/net: Remove unnecessary header includes 2018-03-05 10:30:16 +08:00
Makefile.objs hw: make virtio devices configurable via default-configs/ 2018-06-01 15:14:31 +02:00
mcf_fec.c hw: Do not include "exec/address-spaces.h" if it is not necessary 2018-06-01 14:15:10 +02:00
milkymist-minimac2.c memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate() 2017-07-14 17:59:42 +01:00
mipsnet.c qapi: Change Netdev into a flat union 2016-07-19 20:18:02 +02:00
ne2000-isa.c hw: Do not include "exec/address-spaces.h" if it is not necessary 2018-06-01 14:15:10 +02:00
ne2000.c ne2000: fix possible out of bound access in ne2000_receive 2018-10-19 11:15:04 +08:00
ne2000.h hw/net: Use the IEC binary prefix definitions 2018-07-02 15:41:16 +02:00
net_rx_pkt.c net: Transmit zero UDP checksum as 0xFFFF 2017-11-20 11:08:00 +08:00
net_rx_pkt.h net_pkt: Extend packet abstraction as required by e1000e functionality 2016-06-02 10:42:28 +08:00
net_tx_pkt.c net: fix misaligned member access 2018-03-02 18:44:00 +00:00
net_tx_pkt.h clean-includes: run it once more 2016-06-16 18:39:03 +02:00
opencores_eth.c opencores_eth: use inline net_crc32() and bitshift instead of compute_mcast_idx() 2017-12-22 10:01:27 +08:00
pcnet-pci.c hw/net/pcnet-pci: Unify pcnet_ioport_read/write and pcnet_mmio_read/write 2018-09-25 15:13:24 +01:00
pcnet.c pcnet: fix possible buffer overflow 2018-10-19 11:15:04 +08:00
pcnet.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
rtl8139.c rtl8139: fix possible out of bound access 2018-10-19 11:15:04 +08:00
smc91c111.c hw/net/smc91c111: Use qemu_log_mask(UNIMP) instead of fprintf 2018-06-26 17:50:41 +01:00
spapr_llan.c hw/net/spapr_llan: 6 byte mac address device tree entry 2017-02-22 14:28:53 +11:00
stellaris_enet.c hw/net/stellaris_enet: Use qemu_log_mask(GUEST_ERROR) instead of hw_error 2018-06-26 17:50:41 +01:00
sungem.c sungem: fix multicast filter CRC calculation 2017-12-22 10:00:47 +08:00
sunhme.c sunhme: switch sunhme over to use net_crc32_le() 2017-12-22 10:00:47 +08:00
trace-events hw/net/pcnet-pci: Unify pcnet_ioport_read/write and pcnet_mmio_read/write 2018-09-25 15:13:24 +01:00
vhost_net.c spec/vhost-user spec: Add IOMMU support 2017-06-02 18:57:17 +03:00
virtio-net.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00
vmware_utils.h hw/net/vmxnet3: Fix code to work on big endian hosts, too 2017-11-20 11:08:00 +08:00
vmxnet3.c qdev: use device_class_set_parent_realize/unrealize/reset() 2018-02-05 13:54:38 +01:00
vmxnet3.h hw/net/vmxnet3: Fix code to work on big endian hosts, too 2017-11-20 11:08:00 +08:00
vmxnet_debug.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
xen_nic.c xen: remove other open-coded use of libxengnttab 2018-05-22 11:43:21 -07:00
xgmac.c hw/net: Remove unnecessary header includes 2018-03-05 10:30:16 +08:00
xilinx_axienet.c object: fix OBJ_PROP_LINK_UNREF_ON_RELEASE ambivalence 2018-06-12 12:07:30 +02:00
xilinx_ethlite.c hw/net: Fix a heap overflow in xlnx.xps-ethernetlite 2016-08-09 15:27:18 +08:00