qemu-e2k/hw
P J P 737d2b3c41 net: avoid infinite loop when receiving packets(CVE-2015-5278)
Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-15 12:51:14 +01:00
..
9pfs virtio: get_features() can fail 2015-07-27 18:11:53 +03:00
acpi hw/acpi/ich9: clean up stale comment about KVM not supporting SMM 2015-07-27 22:44:47 +03:00
alpha hw/alpha/typhoon.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
arm i.MX: Add GPIO devices to i.MX25 SOC 2015-09-14 14:39:49 +01:00
audio typofixes - v4 2015-09-11 10:45:43 +03:00
block * Support for jemalloc 2015-09-14 16:13:16 +01:00
bt maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
char maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
core typofixes - v4 2015-09-11 10:45:43 +03:00
cpu hw/cpu/{a15mpcore, a9mpcore}: Handle missing has_el3 CPU props gracefully 2015-09-14 14:39:49 +01:00
cris typofixes - v4 2015-09-11 10:45:43 +03:00
display typofixes - v4 2015-09-11 10:45:43 +03:00
dma * Support for jemalloc 2015-09-14 16:13:16 +01:00
gpio i.MX: Add GPIO device 2015-09-14 14:39:49 +01:00
i2c i.MX: Add I2C controller emulator 2015-09-07 10:39:30 +01:00
i386 * Support for jemalloc 2015-09-14 16:13:16 +01:00
ide trivial: remove trailing newline from error_report 2015-09-11 10:21:38 +03:00
input typofixes - v4 2015-09-11 10:45:43 +03:00
intc typofixes - v4 2015-09-11 10:45:43 +03:00
ipack pci: Trivial device model conversions to realize 2015-02-26 12:42:16 +01:00
isa i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
lm32 hw/lm32/milkymist.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
m68k m68k: implement more ColdFire 5208 interrupt controller functionality 2015-06-22 14:43:25 +01:00
mem numa,pc-dimm: Store pc-dimm memory information in numa_info 2015-07-03 17:47:58 -03:00
microblaze microblaze: boot: Use cpu_set_pc() 2015-07-09 15:20:40 +02:00
mips * Support for jemalloc 2015-09-14 16:13:16 +01:00
misc * Support for jemalloc 2015-09-14 16:13:16 +01:00
moxie
net net: avoid infinite loop when receiving packets(CVE-2015-5278) 2015-09-15 12:51:14 +01:00
nvram maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
openrisc
pci maint: remove unused include for strings.h 2015-09-11 10:21:38 +03:00
pci-bridge hw/pci-bridge: format special OFW unit address for PXB host 2015-06-23 22:58:36 +02:00
pci-host maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
pcmcia
ppc * Support for jemalloc 2015-09-14 16:13:16 +01:00
s390x hw/s390x/s390-virtio-bus: Remove meaningless blank Property 2015-09-11 10:59:47 +03:00
scsi * Support for jemalloc 2015-09-14 16:13:16 +01:00
sd typofixes - v4 2015-09-11 10:45:43 +03:00
sh4 sh4: Fix initramfs initialization for endiannes-mismatched targets 2015-09-13 23:08:51 +02:00
smbios smbios: add smbios 3.0 support 2015-09-07 10:39:28 +01:00
sparc i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
sparc64 i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
ssi arm: Use g_new() & friends where that makes obvious sense 2015-09-07 10:39:27 +01:00
timer i.MX: KZM: use standalone i.MX31 SOC support 2015-09-07 10:39:30 +01:00
tpm maint: remove unused include for dirent.h 2015-09-11 10:21:38 +03:00
tricore
unicore32 hw/unicore32/puv3.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
usb maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
vfio typofixes - v4 2015-09-11 10:45:43 +03:00
virtio hw/virtio/virtio-pci: Remove meaningless blank Property 2015-09-11 11:03:42 +03:00
watchdog i6300esb: fix timer overflow 2015-09-11 10:21:38 +03:00
xen typofixes - v4 2015-09-11 10:45:43 +03:00
xenpv
xtensa xtensa: Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
Makefile.objs smbios: move smbios code into a common folder 2015-08-13 14:08:30 +03:00