Stefan Hajnoczi ce4f451bbb rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165) ...

Transmit offload features access Ethernet and IP headers the packet.  If
the packet is too short we must not attempt to access header fields:

  int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
  ...
  eth_payload_data = saved_buffer + ETH_HLEN;
  ...
  ip = (ip_header*)eth_payload_data;
  if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e1c120a9c5)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

2015-08-04 12:33:36 -05:00

..

fsl_etsec

etsec: Replace qdev_init() by qdev_init_nofail()

2015-02-24 00:19:05 +01:00

allwinner_emac.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

cadence_gem.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

dp8393x.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

e1000_regs.h

e1000: improve auto-negotiation reporting via mii-tool

2014-06-23 17:38:00 +03:00

e1000.c

hw/net/e1000: fix integer endianness

2015-03-27 10:23:50 +00:00

eepro100.c

pci: Trivial device model conversions to realize

2015-02-26 12:42:16 +01:00

etraxfs_eth.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

lan9118.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

lance.c

pcnet: pcnet_common_init() always returns 0, change to void

2015-02-26 12:42:16 +01:00

Makefile.objs

Add Enhanced Three-Speed Ethernet Controller (eTSEC)

2014-03-05 03:06:45 +01:00

mcf_fec.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

milkymist-minimac2.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

mipsnet.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

ne2000-isa.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

ne2000.c

pci: Trivial device model conversions to realize

2015-02-26 12:42:16 +01:00

ne2000.h

ne2000: pass device to ne2000_setup_io, use it as owner

2013-07-04 17:42:46 +02:00

opencores_eth.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

pcnet-pci.c

pcnet: Convert to realize

2015-02-26 12:42:17 +01:00

pcnet.c

pcnet: pcnet_common_init() always returns 0, change to void

2015-02-26 12:42:16 +01:00

pcnet.h

pcnet: pcnet_common_init() always returns 0, change to void

2015-02-26 12:42:16 +01:00

rtl8139.c

rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)

2015-08-04 12:33:36 -05:00

smc91c111.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

spapr_llan.c

spapr_vio: Convert to realize()

2015-03-09 15:00:07 +01:00

stellaris_enet.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

vhost_net.c

vhost_net: Add missing 'static' attribute

2015-03-10 08:15:34 +03:00

virtio-net.c

virtio-net: unbreak any layout

2015-07-29 22:10:36 -05:00

vmware_utils.h

exec: Make stb_phys input an AddressSpace

2014-02-11 22:57:38 +10:00

vmxnet3.c

pci: Trivial device model conversions to realize

2015-02-26 12:42:16 +01:00

vmxnet3.h

vmxnet3: Eliminate __packed redefined warning

2013-09-06 17:25:55 +02:00

vmxnet_debug.h

…

vmxnet_rx_pkt.c

…

vmxnet_rx_pkt.h

…

vmxnet_tx_pkt.c

misc: Use g_assert_not_reached for code which is expected to be unreachable

2013-07-27 11:22:54 +04:00

vmxnet_tx_pkt.h

…

xen_nic.c

hw/net/xen_nic.c: Set 'netdev->mac' to NULL after free it

2015-01-12 10:16:23 +00:00

xgmac.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

xilinx_axienet.c

net: remove all cleanup methods from NIC NetClientInfos

2015-01-12 10:16:23 +00:00

xilinx_ethlite.c

xilinx_ethlite: Clean up after commit 2f991ad

2015-03-10 08:15:33 +03:00