qemu-e2k/hw
Stefan Hajnoczi 39b8e7dcaf rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165)
Transmit offload needs to parse packet headers.  If header fields have
unexpected values the offload processing is skipped.

The code currently uses nested ifs because there is relatively little
input validation.  The next patches will add missing input validation
and a goto label is more appropriate to avoid deep if statement nesting.

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:06:59 +01:00
9pfs virtio: get_features() can fail 2015-07-27 18:11:53 +03:00
acpi hw/acpi/ich9: clean up stale comment about KVM not supporting SMM 2015-07-27 22:44:47 +03:00
alpha hw/alpha/typhoon.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
arm musicpal: Drop eth_can_receive 2015-07-20 17:47:24 +01:00
audio gus: clean up MemoryRegionPortio 2015-04-27 18:24:18 +02:00
block virtio-blk-dataplane: delete bottom half before the AioContext is freed 2015-07-29 10:02:06 +01:00
bt bt-sdp: fix broken uuids power-of-2 calculation 2015-04-28 15:36:08 +02:00
char virtio: get_features() can fail 2015-07-27 18:11:53 +03:00
core pc,virtio: fixes for 2.4 2015-07-13 13:35:51 +01:00
cpu icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE 2014-11-03 19:51:56 +03:00
cris cris: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory 2015-04-11 20:03:57 +10:00
display virtio fixes for 2.4 2015-07-28 17:09:56 +01:00
dma Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
gpio pl061: fix wrong calculation of GPIOMIS register 2015-06-02 14:56:25 +01:00
i2c ACPI: split CONFIG_ACPI into 4 pieces 2015-05-29 11:28:59 +01:00
i386 acpi: fix pvpanic device is not shown in ui 2015-07-27 23:55:27 +03:00
ide ide: Clear DRQ after handling all expected accesses 2015-07-26 23:42:53 -04:00
input virtio: get_features() can fail 2015-07-27 18:11:53 +03:00
intc xics_kvm: Don't enable KVM_CAP_IRQ_XICS if already enabled 2015-07-07 17:44:52 +02:00
ipack pci: Trivial device model conversions to realize 2015-02-26 12:42:16 +01:00
isa ich9: implement strap SPKR pin logic 2015-07-08 10:09:55 +03:00
lm32 hw/lm32/milkymist.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
m68k m68k: implement more ColdFire 5208 interrupt controller functionality 2015-06-22 14:43:25 +01:00
mem numa,pc-dimm: Store pc-dimm memory information in numa_info 2015-07-03 17:47:58 -03:00
microblaze microblaze: boot: Use cpu_set_pc() 2015-07-09 15:20:40 +02:00
mips target-mips: add Unified Hosting Interface (UHI) support 2015-06-26 09:08:50 +01:00
misc macio: remove nonexistent interrupt on pin 1 2015-07-07 17:44:49 +02:00
moxie memory: add parameter errp to memory_region_init_ram 2014-09-09 13:41:43 +02:00
net rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165) 2015-08-03 13:06:59 +01:00
nvram spapr: Merge sPAPREnvironment into sPAPRMachineState 2015-07-07 17:44:50 +02:00
openrisc hw/core/loader: implement address translation in uimage loader 2014-11-03 00:59:10 +03:00
pci pci_add_capability: remove duplicate comments 2015-07-20 14:19:41 +03:00
pci-bridge hw/pci-bridge: format special OFW unit address for PXB host 2015-06-23 22:58:36 +02:00
pci-host piix: piix3 QOMify 2015-06-23 19:57:28 +03:00
pcmcia hmp: Remove "info pcmcia" 2014-10-24 12:19:11 +01:00
ppc timer: rename NSEC_PER_SEC due to Mac OS X header clash 2015-07-20 17:01:00 +01:00
s390x s390/virtio-ccw: Fix migration 2015-07-14 19:10:03 +02:00
scsi virtio fixes for 2.4 2015-07-28 17:09:56 +01:00
sd hw/sd/pxa2xx_mmci: Stop using old_mmio in MemoryRegionOps 2015-06-15 18:06:09 +01:00
sh4 sh4/r2d: convert to new MMIO accessor style 2015-06-12 12:02:48 +02:00
sparc fw_cfg: fix FW_CFG_BOOT_DEVICE update on ppc and sparc 2015-06-10 08:00:37 +02:00
sparc64 fw_cfg: fix FW_CFG_BOOT_DEVICE update on ppc and sparc 2015-06-10 08:00:37 +02:00
ssi omap: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
timer timer: rename NSEC_PER_SEC due to Mac OS X header clash 2015-07-20 17:01:00 +01:00
tpm qerror: Move #include out of qerror.h 2015-06-22 18:20:40 +02:00
tricore target-tricore: check return value before using it 2014-11-02 10:04:34 +03:00
unicore32 hw/unicore32/puv3.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
usb usbnet: Drop usbnet_can_receive 2015-07-27 14:12:18 +01:00
vfio vfio/pci: Fix bootindex 2015-07-22 14:56:01 -06:00
virtio virtio: get_features() can fail 2015-07-27 18:11:53 +03:00
watchdog watchdog/diag288: correctly register for system reset requests 2015-07-14 19:10:03 +02:00
xen trivial patches for 2015-06-23 2015-06-23 18:25:55 +01:00
xenpv hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
xtensa xtensa: Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
Makefile.objs vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio 2014-12-19 15:24:06 -07:00