[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] slirp: check data length while emulating ident
From: |
P J P |
Subject: |
Re: [Qemu-devel] [PATCH] slirp: check data length while emulating ident function |
Date: |
Fri, 11 Jan 2019 14:48:41 +0530 (IST) |
+-- On Fri, 11 Jan 2019, Marc-André Lureau wrote --+
| > + if (m->m_len > so_rcv->sb_datalen
| > + - (so_rcv->sb_wptr - so_rcv->sb_data)) {
| > + m_free(m);
| > + return 0;
| > + }
|
| Check looks correct, it should probably return 1.
Function comment says return 1 if 'm' is valid and should be appended via
sbappend(). Not sure if unprocessed 'm' should go to sbappend().
| Is there a reproducer?
Yes, I have one.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F