summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJason Wang2018-05-30 07:16:36 +0200
committerJason Wang2018-10-19 05:15:04 +0200
commit1592a9947036d60dde5404204a5d45975133caf5 (patch)
treeef0e5341485eb245fda6cd164d165f37f46850d9 /net
parentpcnet: fix possible buffer overflow (diff)
downloadqemu-1592a9947036d60dde5404204a5d45975133caf5.tar.gz
qemu-1592a9947036d60dde5404204a5d45975133caf5.tar.xz
qemu-1592a9947036d60dde5404204a5d45975133caf5.zip
net: ignore packet size greater than INT_MAX
There should not be a reason for passing a packet size greater than INT_MAX. It's usually a hint of bug somewhere, so ignore packet size greater than INT_MAX in qemu_deliver_packet_iov() CC: qemu-stable@nongnu.org Reported-by: Daniel Shapira <daniel@twistlock.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to 'net')
-rw-r--r--net/net.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/net.c b/net/net.c
index c66847ed76..07c194a8f6 100644
--- a/net/net.c
+++ b/net/net.c
@@ -712,10 +712,15 @@ ssize_t qemu_deliver_packet_iov(NetClientState *sender,
void *opaque)
{
NetClientState *nc = opaque;
+ size_t size = iov_size(iov, iovcnt);
int ret;
+ if (size > INT_MAX) {
+ return size;
+ }
+
if (nc->link_down) {
- return iov_size(iov, iovcnt);
+ return size;
}
if (nc->receive_disabled) {