| Message ID | 20180925072327.24055-1-jasowang@redhat.com |
|---|---|
| Headers | show |
| Series | Fix buffer overflow for packet greater than INT_MAX | expand |
On Tue, Sep 25, 2018 at 03:23:23PM +0800, Jason Wang wrote: > Hi: > > This series tries to address the buffer overflow caused by converting > from size_t to int in several nic model and net core. This is > CVE-2018-10839. > > Please review. > > Thanks Reviewed-by: Michael S. Tsirkin <mst@redhat.com> > Jason Wang (4): > ne2000: fix possible out of bound access in ne2000_receive > rtl8139: fix possible out of bound access > pcnet: fix possible buffer overflow > net: ignore packet size greater than INT_MAX > > hw/net/ne2000.c | 4 ++-- > hw/net/pcnet.c | 4 ++-- > hw/net/rtl8139.c | 8 ++++---- > net/net.c | 7 ++++++- > 4 files changed, 14 insertions(+), 9 deletions(-) > > -- > 2.17.1
On 2018年09月25日 22:13, Michael S. Tsirkin wrote: > On Tue, Sep 25, 2018 at 03:23:23PM +0800, Jason Wang wrote: >> Hi: >> >> This series tries to address the buffer overflow caused by converting >> from size_t to int in several nic model and net core. This is >> CVE-2018-10839. >> >> Please review. >> >> Thanks > Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Applied. Thanks > >> Jason Wang (4): >> ne2000: fix possible out of bound access in ne2000_receive >> rtl8139: fix possible out of bound access >> pcnet: fix possible buffer overflow >> net: ignore packet size greater than INT_MAX >> >> hw/net/ne2000.c | 4 ++-- >> hw/net/pcnet.c | 4 ++-- >> hw/net/rtl8139.c | 8 ++++---- >> net/net.c | 7 ++++++- >> 4 files changed, 14 insertions(+), 9 deletions(-) >> >> -- >> 2.17.1