qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH v2] net: check fragment length during fragmentation
@ 2016-08-04  7:30 P J P
  2016-08-04 10:57 ` Dmitry Fleytman
  0 siblings, 1 reply; 3+ messages in thread
From: P J P @ 2016-08-04  7:30 UTC (permalink / raw)
  To: Qemu developers; +Cc: Li Qiang, Jason Wang, Dmitry Fleytman, Prasad J Pandit

From: Prasad J Pandit <pjp@fedoraproject.org>

Network transport abstraction layer supports packet fragmentation.
While fragmenting a packet, it checks for more fragments from
packet length and current fragment length. It is susceptible
to an infinite loop, if the current fragment length is zero.
Add check to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 hw/net/net_tx_pkt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Updated as per
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg00751.html

diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index efd43b4..53dfaa2 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -590,7 +590,7 @@ static bool net_tx_pkt_do_sw_fragmentation(struct NetTxPkt *pkt,
 
         fragment_offset += fragment_len;
 
-    } while (more_frags);
+    } while (fragment_len && more_frags);
 
     return true;
 }
-- 
2.5.5

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [PATCH v2] net: check fragment length during fragmentation
  2016-08-04  7:30 [Qemu-devel] [PATCH v2] net: check fragment length during fragmentation P J P
@ 2016-08-04 10:57 ` Dmitry Fleytman
  2016-08-05  8:42   ` Jason Wang
  0 siblings, 1 reply; 3+ messages in thread
From: Dmitry Fleytman @ 2016-08-04 10:57 UTC (permalink / raw)
  To: P J P; +Cc: Qemu developers, Li Qiang, Jason Wang, Prasad J Pandit

Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>

On Thu, Aug 4, 2016 at 12:30 AM, P J P <ppandit@redhat.com> wrote:

> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Network transport abstraction layer supports packet fragmentation.
> While fragmenting a packet, it checks for more fragments from
> packet length and current fragment length. It is susceptible
> to an infinite loop, if the current fragment length is zero.
> Add check to avoid it.
>
> Reported-by: Li Qiang <liqiang6-s@360.cn>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
>  hw/net/net_tx_pkt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Updated as per
>   -> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg00751.html
>
> diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
> index efd43b4..53dfaa2 100644
> --- a/hw/net/net_tx_pkt.c
> +++ b/hw/net/net_tx_pkt.c
> @@ -590,7 +590,7 @@ static bool net_tx_pkt_do_sw_fragmentation(struct
> NetTxPkt *pkt,
>
>          fragment_offset += fragment_len;
>
> -    } while (more_frags);
> +    } while (fragment_len && more_frags);
>
>      return true;
>  }
> --
> 2.5.5
>
>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [PATCH v2] net: check fragment length during fragmentation
  2016-08-04 10:57 ` Dmitry Fleytman
@ 2016-08-05  8:42   ` Jason Wang
  0 siblings, 0 replies; 3+ messages in thread
From: Jason Wang @ 2016-08-05  8:42 UTC (permalink / raw)
  To: Dmitry Fleytman, P J P; +Cc: Qemu developers, Li Qiang, Prasad J Pandit



On 2016年08月04日 18:57, Dmitry Fleytman wrote:
> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com 
> <mailto:dmitry@daynix.com>>
>
> On Thu, Aug 4, 2016 at 12:30 AM, P J P <ppandit@redhat.com 
> <mailto:ppandit@redhat.com>> wrote:
>
>     From: Prasad J Pandit <pjp@fedoraproject.org
>     <mailto:pjp@fedoraproject.org>>
>
>     Network transport abstraction layer supports packet fragmentation.
>     While fragmenting a packet, it checks for more fragments from
>     packet length and current fragment length. It is susceptible
>     to an infinite loop, if the current fragment length is zero.
>     Add check to avoid it.
>
>     Reported-by: Li Qiang <liqiang6-s@360.cn <mailto:liqiang6-s@360.cn>>
>     Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org
>     <mailto:pjp@fedoraproject.org>>
>     ---
>      hw/net/net_tx_pkt.c | 2 +-
>      1 file changed, 1 insertion(+), 1 deletion(-)
>
>     Updated as per
>       ->
>     https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg00751.html
>
>     diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
>     index efd43b4..53dfaa2 100644
>     --- a/hw/net/net_tx_pkt.c
>     +++ b/hw/net/net_tx_pkt.c
>     @@ -590,7 +590,7 @@ static bool
>     net_tx_pkt_do_sw_fragmentation(struct NetTxPkt *pkt,
>
>              fragment_offset += fragment_len;
>
>     -    } while (more_frags);
>     +    } while (fragment_len && more_frags);
>
>          return true;
>      }
>     --
>     2.5.5
>
>

Applied. Thanks

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-08-05  8:42 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-04  7:30 [Qemu-devel] [PATCH v2] net: check fragment length during fragmentation P J P
2016-08-04 10:57 ` Dmitry Fleytman
2016-08-05  8:42   ` Jason Wang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).