qemu-devel.nongnu.org archive mirror
From: Jason Wang <jasowang@redhat.com>
To: peter.maydell@linaro.org, qemu-devel@nongnu.org
Cc: Prasad J Pandit <pjp@fedoraproject.org>,
	Jason Wang <jasowang@redhat.com>
Subject: [Qemu-devel] [PULL 02/20] net: mipsnet: check packet length against buffer
Date: Mon, 23 May 2016 10:13:44 +0800
Message-ID: <1463969642-5908-3-git-send-email-jasowang@redhat.com>
In-Reply-To: <1463969642-5908-1-git-send-email-jasowang@redhat.com>

From: Prasad J Pandit <pjp@fedoraproject.org>

When receiving packets over MIPSnet network device, it uses
receive buffer of size 1514 bytes. In case the controller
accepts large(MTU) packets, it could lead to memory corruption.
Add check to avoid it.

Reported by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 hw/net/mipsnet.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
index 740cd98..cf8b823 100644
--- a/hw/net/mipsnet.c
+++ b/hw/net/mipsnet.c
@@ -83,6 +83,9 @@ static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t si
     if (!mipsnet_can_receive(nc))
         return 0;
 
+    if (size >= sizeof(s->rx_buffer)) {
+        return 0;
+    }
     s->busy = 1;
 
     /* Just accept everything. */
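Review bot: The new check `if (size >= sizeof(s->rx_buffer))` also rejects a packet whose length equals the buffer size exactly. The commit message gives that size as 1514 bytes, so a frame of exactly 1514 bytes would be refused even though it fits. If the copy that follows writes only `size` bytes into `rx_buffer`, `size > sizeof(s->rx_buffer)` is the tighter bound; if `>=` is intentional, a short comment saying why would help. Separately, the oversized case returns 0, the same value the `mipsnet_can_receive()` path just above uses for "cannot receive right now". An oversized packet will never fit, so if the caller treats 0 as "retry later", consider a return value that marks the packet as dropped instead.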
-- 
2.7.4
