From: Jason Wang <jasowang@redhat.com>
To: peter.maydell@linaro.org, qemu-devel@nongnu.org
Cc: Prasad J Pandit <pjp@fedoraproject.org>,
Jason Wang <jasowang@redhat.com>
Subject: [Qemu-devel] [PULL V4 02/31] net: mipsnet: check packet length against buffer
Date: Thu, 2 Jun 2016 14:47:53 +0800
Message-ID: <1464850102-17829-3-git-send-email-jasowang@redhat.com>
In-Reply-To: <1464850102-17829-1-git-send-email-jasowang@redhat.com>
From: Prasad J Pandit <pjp@fedoraproject.org>
When receiving packets over the MIPSnet network device, it uses
a receive buffer of size 1514 bytes. In case the controller
accepts large (MTU) packets, it could lead to memory corruption.
Add a check to avoid it.
Reported by: Oleksandr Bazhaniuk <oleksandr.bazhaniuk@intel.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/mipsnet.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
index 740cd98..cf8b823 100644
--- a/hw/net/mipsnet.c
+++ b/hw/net/mipsnet.c
@@ -83,6 +83,9 @@ static ssize_t mipsnet_receive(NetClientState *nc, const uint8_t *buf, size_t si
if (!mipsnet_can_receive(nc))
return 0;
+ if (size >= sizeof(s->rx_buffer)) {
+ return 0;
+ }
s->busy = 1;
/* Just accept everything. */
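Review bot: The new oversize branch returns 0, the same value the `mipsnet_can_receive()` check just above it returns for a device that is only temporarily not ready, so the caller cannot tell a packet that will never fit from one worth retrying. If the net layer queues and re-delivers packets on a 0 return, an oversized packet would be retried rather than dropped; returning `size` (treat it as consumed) or a negative value here would make the drop explicit. Separately, `size >= sizeof(s->rx_buffer)` also rejects a packet exactly as large as the buffer, which the commit message gives as 1514 bytes; if the copy that follows writes only `size` bytes, `>` would be enough, and a one-line comment stating why the bound is inclusive would help.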
--
2.7.4