Prasad J Pandit 837f21aacf net: pcnet: add check to validate receive data size(CVE-2015-7504)
In loopback mode, pcnet_receive routine appends CRC code to the
receive buffer. If the data size given is same as the buffer size,
the appended CRC code overwrites 4 bytes after s->buffer. Added a
check to avoid that.

Reported by: Qinghao Tang <luodalongde@gmail.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-12-07 21:43:48 +08:00
..
2015-09-25 14:56:22 +02:00
2015-10-27 13:16:21 +00:00
2015-10-02 16:22:02 -03:00
2015-09-25 12:04:43 +02:00
2015-10-20 09:26:36 +02:00
2015-09-14 16:13:16 +01:00
2015-10-27 15:59:46 +00:00
2015-10-27 15:59:46 +00:00
2015-10-23 12:35:18 +11:00
2015-10-23 12:35:17 +11:00
2015-10-27 15:59:46 +00:00
2015-09-25 12:04:43 +02:00
2015-09-25 12:04:43 +02:00
2015-09-25 21:52:30 +01:00
2015-10-27 15:59:46 +00:00
2015-10-23 12:35:18 +11:00
2015-10-23 12:35:18 +11:00
2015-10-21 12:21:30 +02:00
2015-10-12 11:17:45 +01:00
2015-09-07 10:39:28 +01:00
2015-10-27 15:59:46 +00:00
2015-10-23 10:24:08 +01:00
2015-09-25 14:52:17 +02:00