refer to the new repository

[pve-qemu-kvm.git] / debian / patches / old / 0002-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch

diff --git a/debian/patches/old/0002-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch b/debian/patches/old/0002-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
deleted file mode 100644 (file)
index 72c8d25..0000000
--- a/debian/patches/old/0002-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 59fb70f22143eccdf74639871e862df0c2f570fc Mon Sep 17 00:00:00 2001
-From: Jason Wang <jasowang@redhat.com>
-Date: Mon, 30 Nov 2015 15:38:23 +0800
-Subject: [PATCH 2/2] pcnet: fix rx buffer overflow(CVE-2015-7512)
-
-Backends could provide a packet whose length is greater than buffer
-size. Check for this and truncate the packet to avoid rx buffer
-overflow in this case.
-
-Cc: Prasad J Pandit <pjp@fedoraproject.org>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Jason Wang <jasowang@redhat.com>
----
- hw/net/pcnet.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
-index 309c40b..1f4a3db 100644
---- a/hw/net/pcnet.c
-+++ b/hw/net/pcnet.c
-@@ -1064,6 +1064,12 @@ ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
-             int pktcount = 0;
- 
-             if (!s->looptest) {
-+                if (size > 4092) {
-+#ifdef PCNET_DEBUG_RMD
-+                    fprintf(stderr, "pcnet: truncates rx packet.\n");
-+#endif
-+                    size = 4092;
-+                }
-                 memcpy(src, buf, size);
-                 /* no need to compute the CRC */
-                 src[size] = 0;
--- 
-2.1.4
-