net: tulip: check frame size and r/w data length - qemu

diff options

author	Prasad J Pandit <pjp@fedoraproject.org>	2020-03-24 22:57:22 +0530
committer	Jason Wang <jasowang@redhat.com>	2020-03-31 21:14:35 +0800
commit	8ffb7265af64ec81748335ec8f20e7ab542c3850 (patch)
tree	e33cdd16816ecaca46c9793c02a357cd71110d81 /util/bufferiszero.c
parent	net/colo-compare.c: Expose "expired_scan_cycle" to users (diff)
download	qemu-8ffb7265af64ec81748335ec8f20e7ab542c3850.tar.xz qemu-8ffb7265af64ec81748335ec8f20e7ab542c3850.zip

net: tulip: check frame size and r/w data length

Tulip network driver while copying tx/rx buffers does not check frame size against r/w data length. This may lead to OOB buffer access. Add check to avoid it. Limit iterations over descriptors to avoid potential infinite loop issue in tulip_xmit_list_update. Reported-by: Li Qiang <pangpei.lq@antfin.com> Reported-by: Ziming Zhang <ezrakiez@gmail.com> Reported-by: Jason Wang <jasowang@redhat.com> Tested-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>

Diffstat (limited to 'util/bufferiszero.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: