[Qemu-devel] [PATCH 0/4] Fix buffer overflow for packet greater than INT_MAX

Jason Wang posted 4 patches 7 years, 1 month ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20180925072327.24055-1-jasowang@redhat.com
Test docker-clang@ubuntu failed
Test checkpatch passed
hw/net/ne2000.c  | 4 ++--
hw/net/pcnet.c   | 4 ++--
hw/net/rtl8139.c | 8 ++++----
net/net.c        | 7 ++++++-
4 files changed, 14 insertions(+), 9 deletions(-)
Posted by Jason Wang 7 years, 1 month ago
Hi:

This series tries to address the buffer overflow caused by converting
from size_t to int in several NIC models and the net core. This is
CVE-2018-10839.

Please review.

Thanks

Jason Wang (4):
  ne2000: fix possible out of bound access in ne2000_receive
  rtl8139: fix possible out of bound access
  pcnet: fix possible buffer overflow
  net: ignore packet size greater than INT_MAX

 hw/net/ne2000.c  | 4 ++--
 hw/net/pcnet.c   | 4 ++--
 hw/net/rtl8139.c | 8 ++++----
 net/net.c        | 7 ++++++-
 4 files changed, 14 insertions(+), 9 deletions(-)

-- 
2.17.1
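
The size_t-to-int narrowing the cover letter describes, as an added example that is not QEMU code and not taken from the patches: it shows why a signed length check passes for a length above INT_MAX and how a core-side drop, as in the title of patch 4, keeps such a length away from a handler that still uses int. All function names and RX_BUF_SIZE are constructed for illustration, and the wrap to a negative value assumes a common ABI such as GCC or Clang on a two's-complement target.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define RX_BUF_SIZE 2048  /* constructed capacity of a device receive buffer */

/* Vulnerable shape: the length arrives as size_t but is narrowed to int.
 * Converting a value above INT_MAX to int is implementation-defined; on
 * common ABIs it becomes negative, so the signed upper-bound check passes. */
static int accepts_with_int_len(size_t size)
{
    int len = (int)size;          /* narrowing conversion */
    return len <= RX_BUF_SIZE;    /* 1 = handler would go on to copy */
}

/* Handler-side hardening (generic, assumed): keep the length unsigned so
 * the comparison against the buffer capacity cannot be bypassed. */
static int accepts_with_size_t_len(size_t size)
{
    return size <= (size_t)RX_BUF_SIZE;
}

/* Core-side hardening: ignore any packet whose size exceeds INT_MAX before
 * a receive handler sees it. Returns 1 only if delivered and accepted. */
static int deliver_guarded(size_t size, int (*handler)(size_t))
{
    if (size > INT_MAX) {
        return 0;                 /* dropped, handler never called */
    }
    return handler(size);
}

int main(void)
{
    /* Constructed length only; no packet data is allocated. */
    size_t huge = (size_t)INT_MAX + 1;

    printf("int check accepts huge length:    %d\n", accepts_with_int_len(huge));
    printf("size_t check accepts huge length: %d\n", accepts_with_size_t_len(huge));
    printf("guarded delivery of huge length:  %d\n",
           deliver_guarded(huge, accepts_with_int_len));
    printf("guarded delivery of 64 bytes:     %d\n",
           deliver_guarded(64, accepts_with_int_len));
    return 0;
}
```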


Re: [Qemu-devel] [PATCH 0/4] Fix buffer overflow for packet greater than INT_MAX
Posted by Michael S. Tsirkin 7 years, 1 month ago
On Tue, Sep 25, 2018 at 03:23:23PM +0800, Jason Wang wrote:
> Hi:
> 
> This series tries to address the buffer overflow caused by converting
> from size_t to int in several NIC models and the net core. This is
> CVE-2018-10839.
> 
> Please review.
> 
> Thanks

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

> Jason Wang (4):
>   ne2000: fix possible out of bound access in ne2000_receive
>   rtl8139: fix possible out of bound access
>   pcnet: fix possible buffer overflow
>   net: ignore packet size greater than INT_MAX
> 
>  hw/net/ne2000.c  | 4 ++--
>  hw/net/pcnet.c   | 4 ++--
>  hw/net/rtl8139.c | 8 ++++----
>  net/net.c        | 7 ++++++-
>  4 files changed, 14 insertions(+), 9 deletions(-)
> 
> -- 
> 2.17.1

Re: [Qemu-devel] [PATCH 0/4] Fix buffer overflow for packet greater than INT_MAX
Posted by Jason Wang 7 years, 1 month ago

On 2018-09-25 22:13, Michael S. Tsirkin wrote:
> On Tue, Sep 25, 2018 at 03:23:23PM +0800, Jason Wang wrote:
>> Hi:
>>
>> This series tries to address the buffer overflow caused by converting
>> from size_t to int in several NIC models and the net core. This is
>> CVE-2018-10839.
>>
>> Please review.
>>
>> Thanks
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

Applied.

Thanks

>
>> Jason Wang (4):
>>    ne2000: fix possible out of bound access in ne2000_receive
>>    rtl8139: fix possible out of bound access
>>    pcnet: fix possible buffer overflow
>>    net: ignore packet size greater than INT_MAX
>>
>>   hw/net/ne2000.c  | 4 ++--
>>   hw/net/pcnet.c   | 4 ++--
>>   hw/net/rtl8139.c | 8 ++++----
>>   net/net.c        | 7 ++++++-
>>   4 files changed, 14 insertions(+), 9 deletions(-)
>>
>> -- 
>> 2.17.1