diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch b/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch deleted file mode 100644 index e71bbf6205..0000000000 --- a/meta/recipes-devtools/qemu/qemu/0004-fix-CVE-2016-7909.patch +++ /dev/null @@ -1,42 +0,0 @@ -Upstream-Status: Backport [http://git.qemu.org/?p=qemu.git;a=commit;h=34e29ce] -CVE: CVE-2016-7909 - -Signed-off-by: Kai Kang <kai.kang@windriver.com> ---- -From 34e29ce754c02bb6b3bdd244fbb85033460feaff Mon Sep 17 00:00:00 2001 -From: Prasad J Pandit <pjp@fedoraproject.org> -Date: Fri, 30 Sep 2016 00:27:33 +0530 -Subject: [PATCH] net: pcnet: check rx/tx descriptor ring length - -The AMD PC-Net II emulator has set of control and status(CSR) -registers. Of these, CSR76 and CSR78 hold receive and transmit -descriptor ring length respectively. This ring length could range -from 1 to 65535. Setting ring length to zero leads to an infinite -loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it. - -Reported-by: Li Qiang <liqiang6-s@360.cn> -Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> -Signed-off-by: Jason Wang <jasowang@redhat.com> ---- - hw/net/pcnet.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c -index 198a01f..3078de8 100644 ---- a/hw/net/pcnet.c -+++ b/hw/net/pcnet.c -@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value) - case 47: /* POLLINT */ - case 72: - case 74: -+ break; - case 76: /* RCVRL */ - case 78: /* XMTRL */ -+ val = (val > 0) ? val : 512; -+ break; - case 112: - if (CSR_STOP(s) || CSR_SPND(s)) - break; --- -2.10.1 - |