File CVE-2016-4002-qemuu-net-buffer-overflow-in-MIPSnet-emulator.patch of Package xen.11298

References: bsc#975138 CVE-2016-4002

When receiving packets over MIPSnet network device, it uses
 receive buffer of size 1514 bytes. In case the controller
accepts large(MTU) packets, it could lead to memory corruption.
Add check to avoid it.

Reported by: Oleksandr Bazhaniuk <address@hidden>

Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/net/mipsnet.c | 3 +++
 1 file changed, 3 insertions(+)

Index: xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/net/mipsnet.c
===================================================================
--- xen-4.5.3-testing.orig/tools/qemu-xen-dir-remote/hw/net/mipsnet.c
+++ xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/net/mipsnet.c
@@ -82,6 +82,9 @@ static ssize_t mipsnet_receive(NetClient
     if (!mipsnet_can_receive(nc))
         return -1;
 
+    if (size >= sizeof(s->rx_buffer)) {
+        return 0;
+    }
     s->busy = 1;
 
     /* Just accept everything. */