[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] net: check payload length limit for all frames
From: |
Li Qiang |
Subject: |
Re: [PATCH] net: check payload length limit for all frames |
Date: |
Fri, 17 Jul 2020 08:53:42 +0800 |
P J P <ppandit@redhat.com> 于2020年7月17日周五 上午3:26写道:
>
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> While sending packets, the check that packet 'payload_len'
> is within 64kB limit, seems to happen only for GSO frames.
> It may lead to use-after-free or out-of-bounds access like
> issues when sending non-GSO frames. Check the 'payload_len'
> limit for all packets, irrespective of the gso type.
>
Hello Prasad,
Which issue are you trying to solve, any reference linking?
I also send a patch related this part and also a UAF.
Thanks,
Li Qiang
> Reported-by: Alexander Bulekov <alxndr@bu.edu>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
> hw/net/net_tx_pkt.c | 10 ++++------
> 1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
> index 162f802dd7..e66998a8f9 100644
> --- a/hw/net/net_tx_pkt.c
> +++ b/hw/net/net_tx_pkt.c
> @@ -607,12 +607,10 @@ bool net_tx_pkt_send(struct NetTxPkt *pkt,
> NetClientState *nc)
> * Since underlying infrastructure does not support IP datagrams longer
> * than 64K we should drop such packets and don't even try to send
> */
> - if (VIRTIO_NET_HDR_GSO_NONE != pkt->virt_hdr.gso_type) {
> - if (pkt->payload_len >
> - ETH_MAX_IP_DGRAM_LEN -
> - pkt->vec[NET_TX_PKT_L3HDR_FRAG].iov_len) {
> - return false;
> - }
> + if (pkt->payload_len >
> + ETH_MAX_IP_DGRAM_LEN -
> + pkt->vec[NET_TX_PKT_L3HDR_FRAG].iov_len) {
> + return false;
> }
>
> if (pkt->has_virt_hdr ||
> --
> 2.26.2
>
>
- [PATCH] net: check payload length limit for all frames, P J P, 2020/07/16
- Re: [PATCH] net: check payload length limit for all frames,
Li Qiang <=
- Re: [PATCH] net: check payload length limit for all frames, Alexander Bulekov, 2020/07/16
- Re: [PATCH] net: check payload length limit for all frames, Jason Wang, 2020/07/16
- Re: [PATCH] net: check payload length limit for all frames, P J P, 2020/07/17
- Re: [PATCH] net: check payload length limit for all frames, Jason Wang, 2020/07/17
- Re: [PATCH] net: check payload length limit for all frames, P J P, 2020/07/17
- Re: [PATCH] net: check payload length limit for all frames, Li Qiang, 2020/07/17
- Re: [PATCH] net: check payload length limit for all frames, P J P, 2020/07/19
- Re: [PATCH] net: check payload length limit for all frames, Alexander Bulekov, 2020/07/19
- Re: [PATCH] net: check payload length limit for all frames, Li Qiang, 2020/07/20
- Re: [PATCH] net: check payload length limit for all frames, P J P, 2020/07/20