From: Dustin Kirkland
Date: Tue, 24 Feb 2009 11:38:49 -0600
Subject: [Qemu-devel] [PATCH] net socket verify packet size
To: qemu-devel@nongnu.org

net socket oversized packet

This is a patch being carried by Ubuntu against kvm/qemu. Verify packet size before performing memcpy().

Signed-off-by: Dustin Kirkland

[Attachment: net-socket.patch (text/x-diff)]
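
The check the message describes, verifying a packet size before memcpy(), as an added example that is not the attached patch or QEMU's code: a reassembler for length-prefixed frames that rejects an oversized declared length and bounds every copy by the real buffer size. The 4-byte big-endian length prefix, the 4096-byte buffer and all names (FrameState, frame_feed, frame_reject) are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reassembler for [4-byte big-endian length][payload] frames. */
typedef struct {
    int state;               /* 0 = getting length, 1 = getting data */
    unsigned int index;      /* bytes of the current field collected */
    unsigned int packet_len; /* payload length declared by the peer */
    unsigned int delivered;  /* complete frames seen */
    uint8_t buf[4096];
} FrameState;

static int frame_reject(FrameState *s)
{
    s->state = 0; s->index = 0; s->packet_len = 0;
    return -1;               /* caller should close the connection */
}

/* Feed received bytes; returns 0, or -1 when a frame cannot fit in buf. */
int frame_feed(FrameState *s, const uint8_t *in, size_t size)
{
    while (size > 0) {
        unsigned int want = (s->state == 0) ? 4 : s->packet_len;
        size_t l = want - s->index;
        if (l > size)
            l = size;
        /* Bound the copy by the real buffer, never by the peer's claim. */
        if (s->index > sizeof(s->buf) || l > sizeof(s->buf) - s->index)
            return frame_reject(s);
        memcpy(s->buf + s->index, in, l);
        s->index += (unsigned int)l; in += l; size -= l;
        if (s->index < want)
            continue;        /* field incomplete, wait for more data */
        s->index = 0;
        if (s->state == 1) { s->delivered++; s->state = 0; continue; }
        s->packet_len = ((unsigned int)s->buf[0] << 24) | (s->buf[1] << 16) |
                        (s->buf[2] << 8) | s->buf[3];
        if (s->packet_len > sizeof(s->buf))
            return frame_reject(s);  /* refuse before any payload is copied */
        if (s->packet_len == 0) s->delivered++; else s->state = 1;
    }
    return 0;
}

int main(void)
{
    static FrameState s;                               /* zero-initialised */
    const uint8_t ok[] = {0, 0, 0, 3, 'a', 'b', 'c'};  /* constructed input */
    const uint8_t big[] = {0, 0, 0x20, 0x00, 'x'};     /* declares 8192 bytes */
    int r1 = frame_feed(&s, ok, sizeof ok), r2 = frame_feed(&s, big, sizeof big);
    printf("ok=%d big=%d frames=%u\n", r1, r2, s.delivered);
    return 0;
}
```

Making `index` and `packet_len` unsigned matters here: a signed length read from the peer could go negative and slip past a simple upper-bound comparison.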