[Qemu-devel] [5920] slirp: fix CVE 2007-5729
From: Aurelien Jarno
Subject: [Qemu-devel] [5920] slirp: fix CVE 2007-5729
Date: Sun, 07 Dec 2008 18:15:27 +0000
Revision: 5920
http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=5920
Author: aurel32
Date: 2008-12-07 18:15:23 +0000 (Sun, 07 Dec 2008)
Log Message:
-----------
slirp: fix CVE 2007-5729
The emulated network cards in QEMU allow local users to execute arbitrary
code by writing Ethernet frames with a size larger than the slirp's default
MTU, which triggers a heap-based buffer overflow in the slirp library.
Signed-off-by: Aurelien Jarno <address@hidden>
Modified Paths:
--------------
trunk/slirp/slirp.c
Modified: trunk/slirp/slirp.c
===================================================================
--- trunk/slirp/slirp.c 2008-12-07 17:16:42 UTC (rev 5919)
+++ trunk/slirp/slirp.c 2008-12-07 18:15:23 UTC (rev 5920)
@@ -654,6 +654,9 @@
if (!m)
return;
/* Note: we add to align the IP header */
+ if (M_FREEROOM(m) < pkt_len + 2) {
+ m_inc(m, pkt_len + 2);
+ }
m->m_len = pkt_len + 2;
memcpy(m->m_data + 2, pkt, pkt_len);
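Review bot: the memcpy into m->m_data + 2 still runs unconditionally after the new m_inc(m, pkt_len + 2) call, and nothing in this hunk confirms that the buffer was actually grown to hold pkt_len + 2 bytes. If m_inc can leave the mbuf unchanged (for example when its internal allocation fails), the overflow is still reachable, so re-check M_FREEROOM(m) >= pkt_len + 2 after the call and drop the frame otherwise. It is also worth confirming that the size passed to m_inc is measured the same way as the M_FREEROOM value it is compared against, and rejecting frames above a sane maximum before this point, since pkt_len is used as the growth size with no upper bound visible here.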