diff options
author | Jason Wang | 2018-05-30 07:16:36 +0200 |
---|---|---|
committer | Jason Wang | 2018-10-19 05:15:04 +0200 |
commit | 1592a9947036d60dde5404204a5d45975133caf5 (patch) | |
tree | ef0e5341485eb245fda6cd164d165f37f46850d9 /net | |
parent | pcnet: fix possible buffer overflow (diff) | |
download | qemu-1592a9947036d60dde5404204a5d45975133caf5.tar.gz qemu-1592a9947036d60dde5404204a5d45975133caf5.tar.xz qemu-1592a9947036d60dde5404204a5d45975133caf5.zip |
net: ignore packet size greater than INT_MAX
There should not be a reason for passing a packet size greater than
INT_MAX. It's usually a hint of bug somewhere, so ignore packet size
greater than INT_MAX in qemu_deliver_packet_iov()
CC: qemu-stable@nongnu.org
Reported-by: Daniel Shapira <daniel@twistlock.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/net.c | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -712,10 +712,15 @@ ssize_t qemu_deliver_packet_iov(NetClientState *sender, void *opaque) { NetClientState *nc = opaque; + size_t size = iov_size(iov, iovcnt); int ret; + if (size > INT_MAX) { + return size; + } + if (nc->link_down) { - return iov_size(iov, iovcnt); + return size; } if (nc->receive_disabled) { |