]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f4c861f) | patch
rtl8139: check TCP Data Offset field (CVE-2015-5165)
authorStefan Hajnoczi <stefanha@redhat.com>
Wed, 15 Jul 2015 16:39:29 +0000 (17:39 +0100)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Tue, 4 Aug 2015 17:34:00 +0000 (12:34 -0500)
commit35c30d3efdfb7d06f978cdb711cb27bc280dcbe8
tree94e2a6609fc00838372f0085e1907fe0f7fa590ftree
parentf4c861fd68838649e81e0f9a6d75b154fda76440commit | diff
rtl8139: check TCP Data Offset field (CVE-2015-5165)

The TCP Data Offset field contains the length of the header.  Make sure
it is valid and does not exceed the IP data length.

Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 8357946b15f0a31f73dd691b7da95f29318ed310)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
hw/net/rtl8139.c diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git