OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
39b8e7dcaf
qemu-e2k/hw/net
History
Stefan Hajnoczi 39b8e7dcaf rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165) 
Transmit offload needs to parse packet headers.  If header fields have
unexpected values the offload processing is skipped.

The code currently uses nested ifs because there is relatively little
input validation.  The next patches will add missing input validation
and a goto label is more appropriate to avoid deep if statement nesting.

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03 13:06:59 +01:00
..
fsl_etsec etsec: Flush queue when rx buffer is consumed 2015-07-27 14:12:18 +01:00
rocker rocker: mark copy-to-cpu pkts as forwarding offloaded 2015-07-07 13:13:22 +01:00
allwinner_emac.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
cadence_gem.c cadence_gem: Fix Rx buffer size field mask 2015-06-03 16:03:03 +03:00
dp8393x.c net/dp8393x: do not use memory_region_init_rom_device with NULL 2015-07-28 09:30:10 +01:00
e1000_regs.h e1000: improve auto-negotiation reporting via mii-tool 2014-06-23 17:38:00 +03:00
e1000.c e1000: flush packets when link comes up 2015-07-07 13:10:26 +01:00
eepro100.c eepro100: Drop nic_can_receive 2015-07-27 14:12:18 +01:00
etraxfs_eth.c etraxfs_eth: Drop eth_can_receive 2015-07-20 17:47:24 +01:00
lan9118.c lan9118: Drop lan9118_can_receive 2015-07-20 17:47:24 +01:00
lance.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
Makefile.objs qmp/hmp: add rocker device support 2015-06-12 13:42:17 +01:00
mcf_fec.c hw/net: handle flow control in mcf_fec driver receiver 2015-07-28 11:27:53 +01:00
milkymist-minimac2.c milkymist-minimac2: Flush queued packets when link comes up 2015-07-27 14:12:18 +01:00
mipsnet.c mipsnet: Flush queued packets when receiving is enabled 2015-07-27 14:12:18 +01:00
ne2000-isa.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
ne2000.c pci: Trivial device model conversions to realize 2015-02-26 12:42:16 +01:00
ne2000.h ne2000: pass device to ne2000_setup_io, use it as owner 2013-07-04 17:42:46 +02:00
opencores_eth.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
pcnet-pci.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
pcnet.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
pcnet.h pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
rtl8139.c rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165) 2015-08-03 13:06:59 +01:00
smc91c111.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
spapr_llan.c spapr: Merge sPAPREnvironment into sPAPRMachineState 2015-07-07 17:44:50 +02:00
stellaris_enet.c stellaris_enet: Flush queued packets when read done 2015-07-27 14:12:18 +01:00
vhost_net.c Revert "vhost-user: add multi queue support" 2015-07-20 14:19:40 +03:00
virtio-net.c virtio: get_features() can fail 2015-07-27 18:11:53 +03:00
vmware_utils.h exec: Make stb_phys input an AddressSpace 2014-02-11 22:57:38 +10:00
vmxnet3.c net/vmxnet3: Fix RX TCP/UDP checksum on partially summed packets 2015-07-20 17:39:05 +01:00
vmxnet3.h vmxnet3: Eliminate __packed redefined warning 2013-09-06 17:25:55 +02:00
vmxnet_debug.h
vmxnet_rx_pkt.c net/vmxnet3: Refactor 'vmxnet_rx_pkt_attach_data' 2015-07-20 17:39:05 +01:00
vmxnet_rx_pkt.h net/vmxnet3: Refactor 'vmxnet_rx_pkt_attach_data' 2015-07-20 17:39:05 +01:00
vmxnet_tx_pkt.c misc: Use g_assert_not_reached for code which is expected to be unreachable 2013-07-27 11:22:54 +04:00
vmxnet_tx_pkt.h
xen_nic.c xen: Drop net_rx_ok 2015-07-28 11:35:54 +01:00
xgmac.c xgmac: Drop packets with eth_can_rx is false. 2015-07-27 14:12:18 +01:00
xilinx_axienet.c axienet: Flush queued packets when rx is done 2015-07-27 14:12:18 +01:00
xilinx_ethlite.c xilinx_ethlite: Clean up after commit 2f991ad 2015-03-10 08:15:33 +03:00