pcnet: fix rx buffer overflow(CVE-2015-7512)
authorJason Wang <jasowang@redhat.com>
Mon, 30 Nov 2015 07:00:06 +0000 (15:00 +0800)
committerJason Wang <jasowang@redhat.com>
Mon, 7 Dec 2015 13:43:48 +0000 (21:43 +0800)
commit8b98a2f07175d46c3f7217639bd5e03f2ec56343
treee2fa47b137dcfff8c0bed02c1b88ed319bd94b44
parent837f21aacf5a714c23ddaadbbc5212f9b661e3f7
pcnet: fix rx buffer overflow(CVE-2015-7512)

Backends could provide a packet whose length is greater than buffer
size. Check for this and truncate the packet to avoid rx buffer
overflow in this case.

Cc: Prasad J Pandit <pjp@fedoraproject.org>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
hw/net/pcnet.c