qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] net: mipsnet: check packet length against buffe

From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH] net: mipsnet: check packet length against buffer
Date: Thu, 07 Apr 2016 17:44:29 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) 
P J P <address@hidden> writes:

> From: Prasad J Pandit <address@hidden>
>
> When receiving packets over MIPSnet network device, it uses
>  receive buffer of size 1514 bytes. In case the controller
> accepts large(MTU) packets, it could lead to memory corruption.
> Add check to avoid it.
>
> Reported by: Oleksandr Bazhaniuk <address@hidden>
>
> Signed-off-by: Prasad J Pandit <address@hidden>
> ---
>  hw/net/mipsnet.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
> index f261011..e134b31 100644
> --- a/hw/net/mipsnet.c
> +++ b/hw/net/mipsnet.c
> @@ -82,6 +82,9 @@ static ssize_t mipsnet_receive(NetClientState *nc, const 
> uint8_t *buf, size_t si
>      if (!mipsnet_can_receive(nc))
>          return 0;
>  
> +    if (size >= sizeof(s->rx_buffer)) {
> +        return 0;
> +    }
>      s->busy = 1;
>  
>      /* Just accept everything. */

Prompted by Peter Maydell's review of the buddy patch to stellaris_enet:
What does the physical device do when it receives such a packet?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]