debian/patches/CVE-2016-2841-net-ne2000-check-ring-buffer-control-registers.patch

   1 From 1f42922e61feff85f92e4eef77a50d1bc0c2498e Mon Sep 17 00:00:00 2001
   2 From: Prasad J Pandit <pjp@fedoraproject.org>
   3 Date: Wed, 24 Feb 2016 11:41:33 +0530
   4 Subject: [PATCH] net: ne2000: check ring buffer control registers
   5
   6 Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
   7 bytes to process network packets. Registers PSTART & PSTOP
   8 define ring buffer size & location. Setting these registers
   9 to invalid values could lead to infinite loop or OOB r/w
  10 access issues. Add check to avoid it.
  11
  12 Reported-by: Yang Hongke <yanghongke@huawei.com>
  13 Tested-by: Yang Hongke <yanghongke@huawei.com>
  14 Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
  15 Signed-off-by: Jason Wang <jasowang@redhat.com>
  16 ---
  17  hw/net/ne2000.c | 4 ++++
  18  1 file changed, 4 insertions(+)
  19
  20 diff --git a/hw/net/ne2000.c b/hw/net/ne2000.c
  21 index 3ab2d03..a1c7f23 100644
  22 --- a/hw/net/ne2000.c
  23 +++ b/hw/net/ne2000.c
  24 @@ -154,6 +154,10 @@ static int ne2000_buffer_full(NE2000State *s)
  25  {
  26      int avail, index, boundary;
  27
  28 +    if (s->stop <= s->start) {
  29 +        return 1;
  30 +    }
  31 +
  32      index = s->curpag << 8;
  33      boundary = s->boundary << 8;
  34      if (index < boundary)
  35 --
  36 2.1.4
  37