[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] net: mipsnet: check packet length against buffe
From: |
Jason Wang |
Subject: |
Re: [Qemu-devel] [PATCH] net: mipsnet: check packet length against buffer |
Date: |
Mon, 11 Apr 2016 16:27:52 +0800 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 |
On 04/11/2016 03:37 PM, P J P wrote:
> +-- On Thu, 7 Apr 2016, Markus Armbruster wrote --+
> | P J P <address@hidden> writes:
> |
> | > --- a/hw/net/mipsnet.c
> | > +++ b/hw/net/mipsnet.c
> | > @@ -82,6 +82,9 @@ static ssize_t mipsnet_receive(NetClientState *nc,
> const uint8_t *buf, size_t si
> | > if (!mipsnet_can_receive(nc))
> | > return 0;
> | >
> | > + if (size >= sizeof(s->rx_buffer)) {
> | > + return 0;
> | > + }
> | > s->busy = 1;
> |
> | Prompted by Peter Maydell's review of the buddy patch to stellaris_enet:
> | What does the physical device do when it receives such a packet?
>
> I tried to find a device specification, but couldn't find any reference
> MIPSnet.
>
> Jason, wdyt?
Can't find either. Looking at kernel driver git logs, the driver was
even removed since 2012 because it was not longer supported by MIPS.
Consider it indeed fixes a memory corruption, I tend to apply this first
for 2.6.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
>