net: tulip: check frame size and r/w data length - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Prasad J Pandit	2020-03-24 18:27:22 +0100
committer	Jason Wang	2020-03-31 15:14:35 +0200
commit	8ffb7265af64ec81748335ec8f20e7ab542c3850 (patch)
tree	e33cdd16816ecaca46c9793c02a357cd71110d81 /include/exec/exec-all.h
parent	net/colo-compare.c: Expose "expired_scan_cycle" to users (diff)
download	qemu-8ffb7265af64ec81748335ec8f20e7ab542c3850.tar.gz qemu-8ffb7265af64ec81748335ec8f20e7ab542c3850.tar.xz qemu-8ffb7265af64ec81748335ec8f20e7ab542c3850.zip

net: tulip: check frame size and r/w data length

Tulip network driver while copying tx/rx buffers does not check frame size against r/w data length. This may lead to OOB buffer access. Add check to avoid it. Limit iterations over descriptors to avoid potential infinite loop issue in tulip_xmit_list_update. Reported-by: Li Qiang <pangpei.lq@antfin.com> Reported-by: Ziming Zhang <ezrakiez@gmail.com> Reported-by: Jason Wang <jasowang@redhat.com> Tested-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>

Diffstat (limited to 'include/exec/exec-all.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: