File CVE-2016-4002-qemut-net-buffer-overflow-in-MIPSnet-emulator.patch of Package xen.4218

References: bsc#975138 CVE-2016-4002

When receiving packets over MIPSnet network device, it uses
 receive buffer of size 1514 bytes. In case the controller
accepts large(MTU) packets, it could lead to memory corruption.
Add check to avoid it.

Reported by: Oleksandr Bazhaniuk <address@hidden>

Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/net/mipsnet.c | 3 +++
 1 file changed, 3 insertions(+)

Index: xen-4.5.3-testing/tools/qemu-xen-traditional-dir-remote/hw/mipsnet.c
===================================================================
--- xen-4.5.3-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/mipsnet.c
+++ xen-4.5.3-testing/tools/qemu-xen-traditional-dir-remote/hw/mipsnet.c
@@ -85,6 +85,9 @@ static void mipsnet_receive(void *opaque
     if (!mipsnet_can_receive(opaque))
         return;
 
+    if (size >= sizeof(s->rx_buffer)) {
+        return 0;
+    }
     s->busy = 1;
 
     /* Just accept everything. */