Reimar Döffinger 24e6f3551f fix stack buffer overflows in eepro100.c tx
Hello,
the real-world issue is that the hardware allows sends up to 2600 bytes,
and for some reason FreeBSD sometimes sends frames larger than the
ethernet frame size (102+1460 is the maximum I have seen so far),
overflowing the on-stack tx buffer of the driver.
Independent of that, the code should avoid allowing the guest to
overwrite the stack.
This is a minimal patch to fix the issue (you could leave out the size
change of the buf array as well, networking still seems to work either
way). Obviously there are better ways to handle it, but a proper fix IMO
would involve first getting rid of the code duplication, and given the
number of patches pending for that code I see no point in working on that now.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2009-08-27 20:35:30 -05:00
audio Fix dsound typos 2009-08-26 13:55:44 +04:00
block raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
bsd-user bsd-user: Add generic env variable handling 2009-08-15 10:35:42 +00:00
darwin-user Replace local ADDRX/PADDRX macros with TARGET_FMT_lx/plx 2009-08-16 11:13:18 +00:00
fpu rename NEEDS_LIBSUNMATH to CONFIG_NEEDS_LIBSUNMATH 2009-07-27 14:10:55 -05:00
gdb-xml gdb-xml: fix hacks in powerpc register numbering 2009-07-12 23:42:05 +02:00
hw fix stack buffer overflows in eepro100.c tx 2009-08-27 20:35:30 -05:00
linux-user Replace local ADDRX/PADDRX macros with TARGET_FMT_lx/plx 2009-08-16 11:13:18 +00:00
pc-bios Rename CPPFLAGS to QEMU_CFLAGS 2009-08-10 13:05:39 -05:00
slirp Add missing "static" 2009-08-01 10:13:43 +00:00
target-alpha cleanup cpu-exec.c, part 0/N: consolidate handle_cpu_signal 2009-08-24 08:21:42 -05:00
target-arm cleanup cpu-exec.c, part 0/N: consolidate handle_cpu_signal 2009-08-24 08:21:42 -05:00
target-cris cleanup cpu-exec.c, part 0/N: consolidate handle_cpu_signal 2009-08-24 08:21:42 -05:00
target-i386 kvm: Simplify cpu_synchronize_state() 2009-08-27 20:35:30 -05:00
target-m68k cleanup cpu-exec.c, part 0/N: consolidate handle_cpu_signal 2009-08-24 08:21:42 -05:00
target-microblaze cleanup cpu-exec.c, part 0/N: consolidate handle_cpu_signal 2009-08-24 08:21:42 -05:00
target-mips target-mips: fix conditional moves off fp condition codes 2009-08-25 18:05:27 +02:00
target-ppc kvm: Simplify cpu_synchronize_state() 2009-08-27 20:35:30 -05:00
target-sh4 cleanup cpu-exec.c, part 0/N: consolidate handle_cpu_signal 2009-08-24 08:21:42 -05:00
target-sparc cleanup cpu-exec.c, part 0/N: consolidate handle_cpu_signal 2009-08-24 08:21:42 -05:00
tcg ARM back-end: Fix encode_imm 2009-08-25 01:14:14 +02:00
tests Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
.gitignore multiboot.raw is a generated file 2009-08-27 20:30:22 -05:00
a.out.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
acl.c rename HAVE_FNMATCH_H to CONFIG_FNMATCH 2009-07-27 14:09:20 -05:00
acl.h Support ACLs for controlling VNC access ("Daniel P. Berrange") 2009-03-06 20:27:37 +00:00
aes.c Include assert.h from qemu-common.h 2009-05-13 20:54:26 +01:00
aes.h AES crypto support 2004-08-01 21:54:53 +00:00
aio.c Handle BH's queued by AIO completions in qemu_aio_flush() 2009-07-22 10:58:46 -05:00
alpha-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
alpha.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
arm-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
arm-semi.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
arm.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
balloon.h Add missing file from previous commit. 2008-12-04 20:35:16 +00:00
block_int.h qcow2: Metadata preallocation 2009-08-27 20:30:20 -05:00
block.c raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
block.h raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
bswap.h rename WORDS_BIGENDIAN to HOST_WORDS_BIGENDIAN 2009-07-27 14:09:21 -05:00
bt-host.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
bt-host.h Clean build: Add bt-host.h 2009-03-10 21:43:35 +00:00
bt-vhci.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
buffered_file.c Fix most warnings (errors with -Werror) when debugging is enabled 2009-07-20 17:19:25 +00:00
buffered_file.h Introduce a buffered file wrapper for QEMUFile 2008-10-13 03:10:22 +00:00
cache-utils.c Properly initialize len argument of sysctl and include stdio.h (perror) 2009-02-04 20:39:09 +00:00
cache-utils.h Remove all traces of __powerpc__ 2009-01-14 18:39:49 +00:00
Changelog Update Changelog to reflect 0.10.2 release 2009-04-07 02:19:41 +00:00
cmd.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
cmd.h Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
cocoa.m Update cocoa.m to match new DisplayState code (Samuel Benson) 2009-03-04 19:25:22 +00:00
CODING_STYLE Remove potentially offensive humor. 2009-04-07 02:10:16 +00:00
configure raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
console.c rename WORDS_BIGENDIAN to HOST_WORDS_BIGENDIAN 2009-07-27 14:09:21 -05:00
console.h sdl zooming 2009-06-29 08:52:44 -05:00
COPYING COPYING: update from FSF 2008-10-12 17:54:42 +00:00
COPYING.LIB Update FSF address in GPL/LGPL boilerplate 2009-01-04 22:05:52 +00:00
cpu-all.h Unbreak large mem support by removing kqemu 2009-08-24 08:02:55 -05:00
cpu-common.h Make CPURead/WriteFunc structure 'const' 2009-08-25 18:29:31 +00:00
cpu-defs.h extend -smp parsing to include cores= and threads= options 2009-08-27 19:33:15 -05:00
cpu-exec.c cleanup cpu-exec.c, part 0/N: consolidate handle_cpu_signal 2009-08-24 08:21:42 -05:00
create_config We also need TARGET_<arechname> in Makefiles 2009-08-10 13:05:46 -05:00
cris-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
curses_keys.h Fix Sparse warnings: "Using plain integer as NULL pointer" 2009-07-31 21:16:51 +00:00
curses.c Fix Sparse warnings: "Using plain integer as NULL pointer" 2009-07-31 21:16:51 +00:00
cutils.c Revert "support colon in filenames" 2009-07-09 16:06:38 -05:00
d3des.c Ansify to please sparse 2008-10-27 19:49:12 +00:00
d3des.h Actually add d3des implementation files. 2007-08-25 02:09:50 +00:00
def-helper.h def-helper.h allow helpers returning pointers 2009-08-22 17:23:55 +00:00
device_tree.c Remove unused variable 2009-05-24 21:24:33 +01:00
device_tree.h Wean device tree code off phys_ram_base. 2009-04-10 16:23:59 +00:00
dis-asm.h microblaze: Add disassembler. 2009-05-26 21:10:28 +02:00
disas.c rename WORDS_BIGENDIAN to HOST_WORDS_BIGENDIAN 2009-07-27 14:09:21 -05:00
disas.h monitor: Rework API (Jan Kiszka) 2009-03-05 23:01:23 +00:00
dma-helpers.c fully split aio_pool from BlockDriver 2009-05-27 09:46:03 -05:00
dma.h fully split aio_pool from BlockDriver 2009-05-27 09:46:03 -05:00
dyngen-exec.h rename HOST_BSD to CONFIG_BSD 2009-07-27 14:09:20 -05:00
elf_ops.h Fix symfind. 2009-08-10 13:05:25 -05:00
elf.h Avoid name clashes with symbols that leak from system headers 2009-07-18 13:16:51 +04:00
envlist.c linux-user: compile envlist.c only once 2009-08-15 08:47:42 +00:00
envlist.h linux-user: compile envlist.c only once 2009-08-15 08:47:42 +00:00
exec-all.h Unbreak large mem support by removing kqemu 2009-08-24 08:02:55 -05:00
exec.c kvm: Simplify cpu_synchronize_state() 2009-08-27 20:35:30 -05:00
feature_to_c.sh Fix Sparse warnings: "Using plain integer as NULL pointer" 2009-07-31 21:16:51 +00:00
gdbstub.c kvm: Simplify cpu_synchronize_state() 2009-08-27 20:35:30 -05:00
gdbstub.h Guest debugging support for KVM (Jan Kiszka) 2009-03-12 20:12:48 +00:00
gen-icount.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
host-utils.c user: compile host-utils.c only once 2009-08-16 08:03:26 +00:00
host-utils.h user: compile host-utils.c only once 2009-08-16 08:03:26 +00:00
hostregs_helper.h Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
hpet.h Add a local copy of hpet.h. 2007-09-16 20:03:23 +00:00
hppa-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
hppa.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
hxtool Fix hxtool. 2009-07-02 17:54:34 +00:00
i386-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
i386.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
ia64.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
ioport-user.c ioport: use uint{32, 16, 8}_t for ioport value and pio_addr_t for ioport address. 2009-07-16 17:28:50 -05:00
ioport.c Unbreak large mem support by removing kqemu 2009-08-24 08:02:55 -05:00
ioport.h ioport: use uint{32, 16, 8}_t for ioport value and pio_addr_t for ioport address. 2009-07-16 17:28:50 -05:00
keymaps.c Fix Sparse warnings: "Using plain integer as NULL pointer" 2009-07-31 21:16:51 +00:00
keymaps.h Add missing file from previous commit 2009-03-06 22:47:54 +00:00
kvm-all.c kvm: Simplify cpu_synchronize_state() 2009-08-27 20:35:30 -05:00
kvm.h kvm: Simplify cpu_synchronize_state() 2009-08-27 20:35:30 -05:00
libfdt_env.h Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
LICENSE Add missing newline at the end of file 2008-12-14 08:50:18 +00:00
linux-aio.c raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
loader.c rename WORDS_BIGENDIAN to HOST_WORDS_BIGENDIAN 2009-07-27 14:09:21 -05:00
m68k-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
m68k-semi.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
m68k.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
MAINTAINERS Unbreak large mem support by removing kqemu 2009-08-24 08:02:55 -05:00
Makefile raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
Makefile.hw qemu: move virtio-pci.o to near pci.o 2009-08-24 08:46:47 -05:00
Makefile.target qdev: convert watchdogs 2009-08-27 20:35:24 -05:00
microblaze-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
migration-exec.c unify popen/fopen qemu wrappers 2009-08-24 08:02:55 -05:00
migration-fd.c add file descriptor migration 2009-08-27 19:33:15 -05:00
migration-tcp.c fix migration to obey -S 2009-07-30 09:50:36 -05:00
migration-unix.c Migration via unix sockets. 2009-08-24 08:01:42 -05:00
migration.c add file descriptor migration 2009-08-27 19:33:15 -05:00
migration.h add file descriptor migration 2009-08-27 19:33:15 -05:00
mips-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
mips.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
module.c Fix module initialization when more than 1 class is in use 2009-05-14 18:06:49 -05:00
module.h Convert machine registration to use module init functions 2009-05-21 08:47:55 -05:00
monitor.c kvm: Simplify cpu_synchronize_state() 2009-08-27 20:35:30 -05:00
monitor.h Add monitor_get_fd() command for fetching named fds 2009-07-27 08:39:28 -05:00
nbd.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
nbd.h Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
net-checksum.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
net.c Add missing linefeed in error message 2009-08-24 08:01:40 -05:00
net.h net: Fix do_set_link() return type 2009-08-10 13:05:48 -05:00
osdep.c Only build osdep once 2009-08-24 08:02:55 -05:00
osdep.h move useful type definitons to osdep.h 2009-08-27 20:30:20 -05:00
path.c user: compile path.c only once 2009-08-15 07:51:59 +00:00
pci-ids.txt List virtio console device in pci-ids.txt 2009-01-24 16:37:31 +00:00
posix-aio-compat.c raw-posix: refactor AIO support 2009-08-27 20:30:22 -05:00
ppc64.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
ppc-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
ppc.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
qemu_socket.h Fix windows build and clean up use of <windows.h> 2009-03-08 16:26:59 +00:00
qemu-aio.h fix qemu_aio_flush 2009-06-15 13:52:27 +02:00
qemu-binfmt-conf.sh Code provision for n32/n64 mips userland emulation. Not functional yet. 2007-09-30 01:58:33 +00:00
qemu-char.c char: Emit 'CLOSED' events on char device close 2009-08-24 08:21:42 -05:00
qemu-char.h char: Emit 'CLOSED' events on char device close 2009-08-24 08:21:42 -05:00
qemu-common.h user: compile path.c only once 2009-08-15 07:51:59 +00:00
qemu-config.c raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
qemu-config.h QemuOpts: switch over -device. 2009-08-10 13:05:27 -05:00
qemu-doc.texi Userspace guest address offsetting 2009-07-17 13:12:41 +01:00
qemu-img-cmds.hx Use hxtool for qemu-img command list 2009-06-07 09:59:47 +03:00
qemu-img.c qmu-img: fix qemu-img convert to generate a valid image when the source referenced a backing file 2009-07-22 10:58:47 -05:00
qemu-img.texi Add new block driver for the VDI format (only aio supported) 2009-08-10 13:05:30 -05:00
qemu-io.c raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
qemu-lock.h rename USE_NPTL to CONFIG_USE_NPTL 2009-07-27 14:10:55 -05:00
qemu-log.h Define macros that will become the new logging API (Eduardo Habkost) 2009-01-15 21:52:11 +00:00
qemu-malloc.c Format per CODING_STYLE 2009-05-19 22:29:20 +04:00
qemu-monitor.hx Unbreak large mem support by removing kqemu 2009-08-24 08:02:55 -05:00
qemu-nbd.c Fix Sparse warnings: "Using plain integer as NULL pointer" 2009-07-31 21:16:51 +00:00
qemu-nbd.texi Fix formatting of documentation (Stefan Weil) 2008-09-22 20:41:57 +00:00
qemu-option.c QemuOpts: qemu_opts_parse: fix id= parsing 2009-08-10 13:05:26 -05:00
qemu-option.h QemuOpts: add some functions 2009-08-10 13:05:25 -05:00
qemu-options.hx raw-posix: add Linux native AIO support 2009-08-27 20:30:22 -05:00
qemu-sockets.c Fix in file qemu-sockets.c 2009-05-08 16:11:49 -05:00
qemu-tech.texi Unbreak large mem support by removing kqemu 2009-08-24 08:02:55 -05:00
qemu-thread.c qemu-thread: use pthread_equal 2009-07-22 10:58:49 -05:00
qemu-thread.h qemu: mutex/thread/cond wrappers and configure tweaks (Marcelo Tosatti) 2009-04-24 18:03:15 +00:00
qemu-timer.h variable timer intervals 2009-08-10 13:05:31 -05:00
qemu-tool.c Fix most warnings (errors with -Werror) when debugging is enabled 2009-07-20 17:19:25 +00:00
qemu.sasl Add SASL authentication support ("Daniel P. Berrange") 2009-03-06 20:27:28 +00:00
readline.c readline: Remove unneeded qemu_mallocz() check 2009-06-16 15:18:37 -05:00
readline.h monitor: Improve mux'ed console experience (Jan Kiszka) 2009-03-05 23:01:47 +00:00
README Add missing newline at the end of file 2008-12-14 08:50:18 +00:00
rules.mak Rename CPPFLAGS to QEMU_CFLAGS 2009-08-10 13:05:39 -05:00
s390-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
s390.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
savevm.c Add VMState support to run a function after load 2009-08-27 20:30:22 -05:00
sdl_keysym.h Fix Sparse warnings: "Using plain integer as NULL pointer" 2009-07-31 21:16:51 +00:00
sdl_zoom_template.h sdl zooming 2009-06-29 08:52:44 -05:00
sdl_zoom.c Fix sdl_zoom compile problems on OpenBSD 2009-07-01 18:49:34 +00:00
sdl_zoom.h Remove SDL/ prefix 2009-07-08 18:25:37 +04:00
sdl.c sdl.c: support 32 bpp cursors 2009-08-23 18:03:34 +02:00
sh4-dis.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
softmmu_defs.h Fix some warnings that would be generated by gcc -Wredundant-decls 2008-08-30 09:51:20 +00:00
softmmu_exec.h Allow 5 mmu indexes. 2009-04-07 21:47:27 +00:00
softmmu_header.h Remove dead i386 assembly code from softmmu_header.h 2009-07-16 17:28:50 -05:00
softmmu_template.h Unbreak large mem support by removing kqemu 2009-08-24 08:02:55 -05:00
softmmu-semi.h Suppress gcc 4.x -Wpointer-sign (included in -Wall) warnings 2008-09-20 08:07:15 +00:00
sparc64.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
sparc-dis.c Fix Sparse warnings: "Using plain integer as NULL pointer" 2009-07-31 21:16:51 +00:00
sparc.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
sys-queue.h Remove CRs 2008-12-14 08:53:17 +00:00
sysemu.h make load_vmstate() return errors 2009-08-27 20:30:20 -05:00
tap-win32.c tap-win32: Use correct headers. 2009-07-27 14:09:15 -05:00
targphys.h kvm: Mark full address range dirty on live migration start 2009-05-28 02:14:56 -05:00
texi2pod.pl Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
thunk.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
thunk.h Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
TODO Update 2008-12-04 11:29:42 +00:00
translate-all.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
uboot_image.h Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00
usb-bsd.c Support for DragonFly BSD (Hasso Tepper) 2009-03-07 20:06:23 +00:00
usb-linux.c Fix Sparse warnings: "Using plain integer as NULL pointer" 2009-07-31 21:16:51 +00:00
usb-stub.c monitor: Rework API (Jan Kiszka) 2009-03-05 23:01:23 +00:00
VERSION Update version for 0.11 development 2009-07-16 18:12:18 -05:00
vgafont.h Some little fixes on QEMU 2008-09-06 16:31:30 +00:00
vl.c qdev: convert watchdogs 2009-08-27 20:35:24 -05:00
vnc_keysym.h More NULL pointer fixes 2009-08-01 10:13:20 +00:00
vnc-auth-sasl.c Remove tabs introduced from VNC ACL series 2009-03-06 20:27:40 +00:00
vnc-auth-sasl.h Support ACLs for controlling VNC access ("Daniel P. Berrange") 2009-03-06 20:27:37 +00:00
vnc-auth-vencrypt.c Add more missing files 2009-03-06 23:44:29 +00:00
vnc-auth-vencrypt.h Add more missing files 2009-03-06 23:44:29 +00:00
vnc-tls.c Add more missing files 2009-03-06 23:44:29 +00:00
vnc-tls.h Add more missing files 2009-03-06 23:44:29 +00:00
vnc.c When using stdio monitor and VNC display, one can set or clear a VNC password; this should set or turn off VNC authentication as well. 2009-08-24 08:01:40 -05:00
vnc.h variable timer intervals 2009-08-10 13:05:31 -05:00
vnchextile.h single vnc server surface 2009-08-10 13:05:30 -05:00
x86_64.ld set SEARCH_PATH for the linker script from output of ld --verbose -v 2009-07-27 14:10:56 -05:00
x_keymap.c Fix SDL on evdev hosts (Anthony Liguori) 2009-03-03 17:37:21 +00:00
x_keymap.h Fix SDL on evdev hosts (Anthony Liguori) 2009-03-03 17:37:21 +00:00

Read the documentation in qemu-doc.html.

Fabrice Bellard.