[Pkg-xen-changes] r604 - in branches/etch/xen-3.0/debian: . patches

Tue Jul 15 19:10:44 UTC 2008

Author: waldi
Date: Tue Jul 15 19:10:44 2008
New Revision: 604

Log:
Fix CVE-2007-1321.

* debian/changelog: Update.
* debian/patches/00list: Add new patch.
* debian/patches/CVE-2007-1321.dpatch: Add.


Added:
   branches/etch/xen-3.0/debian/patches/CVE-2007-1321.dpatch   (contents, props changed)
Modified:
   branches/etch/xen-3.0/debian/changelog
   branches/etch/xen-3.0/debian/patches/00list

Modified: branches/etch/xen-3.0/debian/changelog
==============================================================================

--- branches/etch/xen-3.0/debian/changelog	(original)
+++ branches/etch/xen-3.0/debian/changelog	Tue Jul 15 19:10:44 2008
@@ -2,6 +2,8 @@
 
   * Disable access to the qemu monitor.
     See: CVE-2007-0998
+  * Fix integer signedness error in ne2000 emulator.
+    See: CVE-2007-1321
   * Fix heap overflow in network handling.
     See: CVE-2007-5730
   * Clear debug registers for HVM guests.

Modified: branches/etch/xen-3.0/debian/patches/00list
==============================================================================
--- branches/etch/xen-3.0/debian/patches/00list	(original)
+++ branches/etch/xen-3.0/debian/patches/00list	Tue Jul 15 19:10:44 2008
@@ -15,3 +15,4 @@
 CVE-2008-2004
 CVE-2007-0998
 CVE-2007-5730
+CVE-2007-1321

Added: branches/etch/xen-3.0/debian/patches/CVE-2007-1321.dpatch
==============================================================================
--- (empty file)
+++ branches/etch/xen-3.0/debian/patches/CVE-2007-1321.dpatch	Tue Jul 15 19:10:44 2008
@@ -0,0 +1,27 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+ at DPATCH@
+diff -r 02b4247ef707 -r bea754626f14 tools/ioemu/hw/ne2000.c
+--- a/tools/ioemu/hw/ne2000.c	Tue Jul 15 20:57:15 2008 +0200
++++ b/tools/ioemu/hw/ne2000.c	Tue Jul 15 21:02:33 2008 +0200
+@@ -230,7 +230,7 @@ static void ne2000_receive(void *opaque,
+ {
+     NE2000State *s = opaque;
+     uint8_t *p;
+-    int total_len, next, avail, len, index, mcast_idx;
++    unsigned int total_len, next, avail, len, index, mcast_idx;
+     uint8_t buf1[60];
+     static const uint8_t broadcast_macaddr[6] = 
+         { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+@@ -299,7 +299,10 @@ static void ne2000_receive(void *opaque,
+ 
+     /* write packet data */
+     while (size > 0) {
+-        avail = s->stop - index;
++        if (index <= s->stop)
++            avail = s->stop - index;
++        else
++            avail = 0;
+         len = size;
+         if (len > avail)
+             len = avail;

