qemu/hw
P J P b947ac2bf2 e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)
While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' was to become zero; Add a check to avoid it.

[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.
--Stefan]

Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com
2015-09-15 12:51:02 +01:00
..
9pfs virtio: get_features() can fail 2015-07-27 18:11:53 +03:00
acpi hw/acpi/ich9: clean up stale comment about KVM not supporting SMM 2015-07-27 22:44:47 +03:00
alpha hw/alpha/typhoon.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
arm i.MX: Add GPIO devices to i.MX25 SOC 2015-09-14 14:39:49 +01:00
audio typofixes - v4 2015-09-11 10:45:43 +03:00
block * Support for jemalloc 2015-09-14 16:13:16 +01:00
bt maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
char maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
core typofixes - v4 2015-09-11 10:45:43 +03:00
cpu hw/cpu/{a15mpcore, a9mpcore}: Handle missing has_el3 CPU props gracefully 2015-09-14 14:39:49 +01:00
cris typofixes - v4 2015-09-11 10:45:43 +03:00
display typofixes - v4 2015-09-11 10:45:43 +03:00
dma * Support for jemalloc 2015-09-14 16:13:16 +01:00
gpio i.MX: Add GPIO device 2015-09-14 14:39:49 +01:00
i2c i.MX: Add I2C controller emulator 2015-09-07 10:39:30 +01:00
i386 * Support for jemalloc 2015-09-14 16:13:16 +01:00
ide trivial: remove trailing newline from error_report 2015-09-11 10:21:38 +03:00
input typofixes - v4 2015-09-11 10:45:43 +03:00
intc typofixes - v4 2015-09-11 10:45:43 +03:00
ipack pci: Trivial device model conversions to realize 2015-02-26 12:42:16 +01:00
isa i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
lm32 hw/lm32/milkymist.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
m68k m68k: implement more ColdFire 5208 interrupt controller functionality 2015-06-22 14:43:25 +01:00
mem numa,pc-dimm: Store pc-dimm memory information in numa_info 2015-07-03 17:47:58 -03:00
microblaze microblaze: boot: Use cpu_set_pc() 2015-07-09 15:20:40 +02:00
mips * Support for jemalloc 2015-09-14 16:13:16 +01:00
misc * Support for jemalloc 2015-09-14 16:13:16 +01:00
moxie memory: add parameter errp to memory_region_init_ram 2014-09-09 13:41:43 +02:00
net e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815) 2015-09-15 12:51:02 +01:00
nvram maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
openrisc hw/core/loader: implement address translation in uimage loader 2014-11-03 00:59:10 +03:00
pci maint: remove unused include for strings.h 2015-09-11 10:21:38 +03:00
pci-bridge hw/pci-bridge: format special OFW unit address for PXB host 2015-06-23 22:58:36 +02:00
pci-host maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
pcmcia hmp: Remove "info pcmcia" 2014-10-24 12:19:11 +01:00
ppc * Support for jemalloc 2015-09-14 16:13:16 +01:00
s390x hw/s390x/s390-virtio-bus: Remove meaningless blank Property 2015-09-11 10:59:47 +03:00
scsi * Support for jemalloc 2015-09-14 16:13:16 +01:00
sd typofixes - v4 2015-09-11 10:45:43 +03:00
sh4 sh4: Fix initramfs initialization for endiannes-mismatched targets 2015-09-13 23:08:51 +02:00
smbios smbios: add smbios 3.0 support 2015-09-07 10:39:28 +01:00
sparc i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
sparc64 i8257: remove cpu_request_exit irq 2015-09-09 15:34:53 +02:00
ssi arm: Use g_new() & friends where that makes obvious sense 2015-09-07 10:39:27 +01:00
timer i.MX: KZM: use standalone i.MX31 SOC support 2015-09-07 10:39:30 +01:00
tpm maint: remove unused include for dirent.h 2015-09-11 10:21:38 +03:00
tricore target-tricore: check return value before using it 2014-11-02 10:04:34 +03:00
unicore32 hw/unicore32/puv3.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
usb maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
vfio typofixes - v4 2015-09-11 10:45:43 +03:00
virtio hw/virtio/virtio-pci: Remove meaningless blank Property 2015-09-11 11:03:42 +03:00
watchdog i6300esb: fix timer overflow 2015-09-11 10:21:38 +03:00
xen typofixes - v4 2015-09-11 10:45:43 +03:00
xenpv hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
xtensa xtensa: Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
Makefile.objs smbios: move smbios code into a common folder 2015-08-13 14:08:30 +03:00