diff options
Diffstat (limited to 'yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2015-7512.patch')
-rw-r--r-- | yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2015-7512.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2015-7512.patch b/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2015-7512.patch deleted file mode 100644 index 50b8a6cee..000000000 --- a/yocto-poky/meta/recipes-devtools/qemu/qemu/CVE-2015-7512.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 8b98a2f07175d46c3f7217639bd5e03f2ec56343 Mon Sep 17 00:00:00 2001 -From: Jason Wang <jasowang@redhat.com> -Date: Mon, 30 Nov 2015 15:00:06 +0800 -Subject: [PATCH] pcnet: fix rx buffer overflow(CVE-2015-7512) - -Backends could provide a packet whose length is greater than buffer -size. Check for this and truncate the packet to avoid rx buffer -overflow in this case. - -Cc: Prasad J Pandit <pjp@fedoraproject.org> -Cc: qemu-stable@nongnu.org -Reviewed-by: Michael S. Tsirkin <mst@redhat.com> -Signed-off-by: Jason Wang <jasowang@redhat.com> - -Upsteam_Status: Backport - -http://git.qemu.org/?p=qemu.git;a=commit;h=8b98a2f07175d46c3f7217639bd5e03f2ec56343 - -CVE: CVE-2015-7512 -[Yocto # 9013] - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - hw/net/pcnet.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -Index: qemu-2.4.0/hw/net/pcnet.c -=================================================================== ---- qemu-2.4.0.orig/hw/net/pcnet.c -+++ qemu-2.4.0/hw/net/pcnet.c -@@ -1065,6 +1065,12 @@ ssize_t pcnet_receive(NetClientState *nc - int pktcount = 0; - - if (!s->looptest) { -+ if (size > 4092) { -+#ifdef PCNET_DEBUG_RMD -+ fprintf(stderr, "pcnet: truncates rx packet.\n"); -+#endif -+ size = 4092; -+ } - memcpy(src, buf, size); - /* no need to compute the CRC */ - src[size] = 0; |