2020-11-20 03:11:58 |
alfred gedeon |
bug |
|
|
added bug |
2020-11-20 03:12:29 |
alfred gedeon |
description |
peeked message is not equal to read message
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Thanks,
Alfred |
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Thanks,
Alfred |
|
2020-11-20 04:08:18 |
alfred gedeon |
description |
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Thanks,
Alfred |
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Could also be a security bug, as the user could allocate a buffer of size peeked data smaller than the actual packet received, which could cause a buffer overflow and its attaks.
Thanks,
Alfred |
|
2020-11-20 04:12:10 |
alfred gedeon |
description |
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Could also be a security bug, as the user could allocate a buffer of size peeked data smaller than the actual packet received, which could cause a buffer overflow and its attaks.
Thanks,
Alfred |
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Could also be a security bug, as the user could allocate a buffer of size peeked data smaller than the actual packet received, which could cause a buffer overflow.
Thanks,
Alfred |
|
2020-12-23 06:15:58 |
alfred gedeon |
summary |
lan9118 bug peeking receive massage size not equal to received message size |
lan9118 bug peeked received message size not equal to actual received message size |
|
2021-01-08 19:06:29 |
Peter Maydell |
qemu: status |
New |
In Progress |
|
2021-01-15 16:14:01 |
Peter Maydell |
qemu: status |
In Progress |
Fix Committed |
|
2021-04-29 10:45:17 |
Thomas Huth |
tags |
ethernet lan lan9118 netwroking |
ethernet lan lan9118 networking |
|
2021-04-30 07:18:54 |
Thomas Huth |
qemu: status |
Fix Committed |
Fix Released |
|