mii/qemu
1
0
Fork 0
mirror of https://github.com/mii443/qemu.git synced 2025-08-30 10:59:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ce4f451bbba8edcd2418cfce434b096602248ab3
qemu/hw
History
Stefan Hajnoczi ce4f451bbb rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165) 
Transmit offload features access Ethernet and IP headers the packet.  If
the packet is too short we must not attempt to access header fields:

  int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
  ...
  eth_payload_data = saved_buffer + ETH_HLEN;
  ...
  ip = (ip_header*)eth_payload_data;
  if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e1c120a9c5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-08-04 12:33:36 -05:00
..
9pfs
9pfs: Fix warnings from Sparse
2015-03-19 11:11:55 +03:00
acpi
hw/acpi/aml-build: Fix memory leak
2015-07-29 18:21:41 -05:00
alpha
alpha: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
2015-04-10 14:15:18 +01:00
arm
arm: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
2015-04-08 17:30:36 +01:00
audio
pcspk: Fix I/O port name
2015-04-04 09:45:59 +03:00
block
fdc: force the fifo access to be in bounds of the allocated buffer
2015-07-28 18:26:06 -05:00
bt
bt-sdp: fix broken uuids power-of-2 calculation
2015-07-28 17:46:44 -05:00
char
spapr_vty: lookup should only return valid VTY objects
2015-07-29 21:48:27 -05:00
core
hw/core: rebase sysbus_get_fw_dev_path() to g_strdup_printf()
2015-07-29 18:41:25 -05:00
cpu
icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE
2014-11-03 19:51:56 +03:00
cris
cris: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
2015-04-11 20:03:57 +10:00
display
Fix remaining warnings from Sparse (void return)
2015-03-19 11:11:55 +03:00
dma
omap: Fix warnings from Sparse
2015-03-19 11:11:55 +03:00
gpio
omap: Fix warnings from Sparse
2015-03-19 11:11:55 +03:00
i2c
pci: Trivial device model conversions to realize
2015-02-26 12:42:16 +01:00
i386
pc: acpi: fix pvpanic regression
2015-04-01 10:06:38 +02:00
ide
Fix release_drive on unplugged devices (pci_piix3_xen_ide_unplug)
2015-08-04 12:25:11 -05:00
input
adb.c: include ADBDevice parent state in KBDState and MouseState
2015-03-09 15:00:04 +01:00
intc
target-i386: clear bsp bit when designating bsp
2015-04-02 15:57:27 +02:00
ipack
pci: Trivial device model conversions to realize
2015-02-26 12:42:16 +01:00
isa
hw: Mark devices picking up char backends actively FIXME
2015-04-02 15:30:28 +02:00
lm32
lm32: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
2015-04-10 14:12:20 +01:00
m68k
m68k: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
2015-03-25 14:35:24 +01:00
mem
pc-dimm: Add description for device list.
2015-03-19 11:17:36 +03:00
microblaze
Remove superfluous '\n' around error_report()
2015-03-10 08:15:33 +03:00
mips
mips: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
2015-03-25 14:35:31 +01:00
misc
omap: Fix warnings from Sparse
2015-03-19 11:11:55 +03:00
moxie
memory: add parameter errp to memory_region_init_ram
2014-09-09 13:41:43 +02:00
net
rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)
2015-08-04 12:33:36 -05:00
nvram
fw_cfg: factor out initialization of FW_CFG_ID (rev. number)
2015-03-25 13:37:10 +01:00
openrisc
hw/core/loader: implement address translation in uimage loader
2014-11-03 00:59:10 +03:00
pci
pci: Fix crash with illegal "-net nic, model=xxx" option
2015-04-13 12:11:44 +01:00
pci-bridge
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
2015-03-09 09:14:28 +00:00
pci-host
mips: fix broken fulong2e machine
2015-04-17 12:11:48 +01:00
pcmcia
hmp: Remove "info pcmcia"
2014-10-24 12:19:11 +01:00
ppc
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
2015-03-26 17:33:35 +00:00
s390x
s390x/ipl: Fix boot if no bootindex was specified
2015-07-29 21:47:15 -05:00
scsi
scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)
2015-07-29 22:13:25 -05:00
sd
sysbus: Make devices picking up backends unavailable with -device
2015-04-02 15:30:44 +02:00
sh4
r2d: Don't use legacy -usbdevice support for setting up board
2015-02-18 10:53:10 +01:00
sparc
sparc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory
2015-03-25 14:36:14 +01:00
sparc64
fw_cfg: factor out initialization of FW_CFG_ID (rev. number)
2015-03-25 13:37:10 +01:00
ssi
omap: Fix warnings from Sparse
2015-03-19 11:11:55 +03:00
timer
i8254: fix out-of-bounds memory access in pit_ioport_read()
2015-07-29 18:40:21 -05:00
tpm
Fix remaining warnings from Sparse (void return)
2015-03-19 11:11:55 +03:00
tricore
target-tricore: check return value before using it
2014-11-02 10:04:34 +03:00
unicore32
unicore32: Use uc32_cpu_init()
2015-03-10 17:07:28 +01:00
usb
usb: fix usb-net segfault
2015-07-28 18:20:04 -05:00
vfio
vfio/pci: Fix bootindex
2015-07-29 22:12:30 -05:00
virtio
vhost: correctly pass error to caller in vhost_dev_enable_notifiers()
2015-07-29 18:44:36 -05:00
watchdog
i6300esb: Fix signed integer overflow
2015-03-25 13:38:05 +01:00
xen
xen: limit guest control of PCI command register
2015-04-09 23:37:21 +01:00
xenpv
hw: Convert from BlockDriverState to BlockBackend, mostly
2014-10-20 14:02:25 +02:00
xtensa
xtensa: Remove superfluous '\n' around error_report()
2015-03-10 08:15:33 +03:00
Makefile.objs
vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio
2014-12-19 15:24:06 -07:00