qemu-e2k/hw
Mauro Matteo Cascella 035e69b063 hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment()
An assertion failure issue was found in the code that processes network packets
while adding data fragments into the packet context. It could be abused by a
malicious guest to abort the QEMU process on the host. This patch replaces the
affected assert() with a conditional statement, returning false if the current
data fragment exceeds max_raw_frags.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry.fleytman@gmail.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-08-04 14:14:48 +08:00
9pfs virtio-9p: Use ERRP_GUARD() 2020-07-10 15:18:09 +02:00
acpi ACPI: Assert that we don't run out of the preallocated memory 2020-07-27 16:12:10 +01:00
adc
alpha
arm hw/arm/nrf51_soc: Set system_clock_scale 2020-08-03 17:55:31 +01:00
audio
avr hw/avr/boot: Fix memory leak in avr_load_firmware() 2020-07-21 16:13:04 +02:00
block qom: Change object_get_canonical_path_component() not to malloc 2020-07-21 16:23:43 +02:00
char hw/char: Convert the Ibex UART to use the registerfields API 2020-07-13 17:25:37 -07:00
core hw/pci-host: save/restore pci host config register 2020-07-27 10:24:39 -04:00
cpu
cris
display qxl: fix modular builds with dtrace 2020-07-21 10:56:47 +02:00
dma hw: Mark nd_table[] misuse in realize methods FIXME 2020-07-21 08:41:15 +02:00
gpio
hppa
hyperv
i2c hw/i2c: Rename i2c_create_slave() as i2c_slave_create_simple() 2020-07-16 12:30:54 -05:00
i386 hw/pci-host: save/restore pci host config register 2020-07-27 10:24:39 -04:00
ide
input hw/input/virtio-input-hid.c: Don't undef CONFIG_CURSES 2020-07-24 16:15:28 +02:00
intc hw/intc/armv7m_nvic: Provide default "reset the system" behaviour for SYSRESETREQ 2020-08-03 17:55:03 +01:00
ipack
ipmi ipmi: add SET_SENSOR_READING command 2020-07-17 11:39:46 -05:00
isa
lm32
m68k
mem qom: Change object_get_canonical_path_component() not to malloc 2020-07-21 16:23:43 +02:00
microblaze
mips
misc hw/misc/aspeed_sdmc: Fix incorrect memory size 2020-07-27 16:12:10 +01:00
moxie
net hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() 2020-08-04 14:14:48 +08:00
nios2 hw/nios2: exit to main CPU loop only when unmasking interrupts 2020-07-13 14:36:11 +01:00
nubus
nvram hw/nvram/fw_cfg: Let fw_cfg_add_from_generator() return boolean value 2020-07-21 16:47:54 +02:00
openrisc
pci hw/pci-host: save/restore pci host config register 2020-07-27 10:24:39 -04:00
pci-bridge
pci-host xen: Use ERRP_GUARD() 2020-07-10 15:18:09 +02:00
pcmcia
ppc pseries: fix kvmppc_set_fwnmi() 2020-07-27 11:09:25 +10:00
rdma
riscv hw/riscv: sifive_e: Correct debug block size 2020-07-22 09:39:46 -07:00
rtc goldfish_rtc: Fix non-atomic read behaviour of TIME_LOW/TIME_HIGH 2020-07-22 09:39:46 -07:00
rx
s390x s390x/s390-virtio-ccw: fix off-by-one in loadparm getter 2020-07-30 16:53:34 +02:00
scsi error: Avoid error_propagate() after migrate_add_blocker() 2020-07-10 15:18:08 +02:00
sd sd/milkymist-memcard: Fix format string 2020-07-24 15:03:09 +02:00
semihosting semihosting: don't send the trailing '\0' 2020-07-27 09:40:08 +01:00
sh4
smbios
sparc
sparc64
ssi
timer hw/timer/imx_epit: Avoid assertion when CR.SWR is written 2020-08-03 17:56:11 +01:00
tpm tpm: tpm_spapr: Exit on TPM backend failures 2020-07-15 14:57:33 -04:00
tricore
unicore32
usb hw: Only compile the usb-dwc2 controller if it is really needed 2020-07-24 16:15:28 +02:00
vfio vfio: fix use-after-free in display 2020-07-16 10:20:12 +02:00
virtio virtio-pci: fix wrong index in virtio_pci_queue_enabled 2020-07-28 16:54:46 +08:00
watchdog
xen osdep.h: Always include <sys/signal.h> if it exists 2020-07-13 14:36:09 +01:00
xenpv
xtensa
Kconfig hw/avr: Add limited support for some Arduino boards 2020-07-11 11:02:05 +02:00
Makefile.objs