Re: [PATCH] hw/net: Discard overly fragmented packets
From: Philippe Mathieu-Daudé
Subject: Re: [PATCH] hw/net: Discard overly fragmented packets
Date: Tue, 3 Aug 2021 11:51:39 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

On 8/3/21 11:33 AM, Thomas Huth wrote:
> On 05/07/2021 10.40, Philippe Mathieu-Daudé wrote:
>> Our infrastructure can handle fragmented packets up to
>> NET_MAX_FRAG_SG_LIST (64) pieces. This hard limit has
>> been proven enough in production for years. If it is
>> reached, it is likely an evil crafted packet. Discard it.
>>
>> Include the qtest reproducer provided by Alexander Bulekov:
>>
>> $ make check-qtest-i386
>> ...
>> Running test qtest-i386/fuzz-vmxnet3-test
>> qemu-system-i386: net/eth.c:334: void
>> eth_setup_ip4_fragmentation(const void *, size_t, void *, size_t,
>> size_t, size_t, _Bool):
>> Assertion `frag_offset % IP_FRAG_UNIT_SIZE == 0' failed.
>>
>> Cc: qemu-stable@nongnu.org
>> Reported-by: OSS-Fuzz (Issue 35799)
>> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/460
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>> hw/net/net_tx_pkt.c | 8 ++
>> tests/qtest/fuzz-vmxnet3-test.c | 195 ++++++++++++++++++++++++++++++++
>> MAINTAINERS | 1 +
>> tests/qtest/meson.build | 1 +
>> 4 files changed, 205 insertions(+)
>> create mode 100644 tests/qtest/fuzz-vmxnet3-test.c
>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
>
> Jason, I think this would even still qualify for QEMU v6.1 ?
Yes, easy one for 6.1.
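As an added example, not code from this thread or from QEMU itself, the following standalone C sketch shows the two defensive properties the quoted commit message describes: a hard cap of NET_MAX_FRAG_SG_LIST pieces per fragmented packet (the packet is discarded rather than asserted on when the cap would be exceeded) and fragment offsets that stay multiples of IP_FRAG_UNIT_SIZE. The constant names come from the message; the value 8 is the IPv4 fragment-offset unit, and the function names, the `frag_plan` structure and the sample sizes are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Names from the commit message; the 8-byte unit is the IPv4 fragment-offset
 * granularity. Both are defined here for this example only. */
#define NET_MAX_FRAG_SG_LIST 64
#define IP_FRAG_UNIT_SIZE    8

/* Hypothetical plan of how a payload is cut into fragments. */
struct frag_plan {
    size_t count;                         /* number of fragments produced */
    size_t offset[NET_MAX_FRAG_SG_LIST];  /* byte offset of each fragment */
    size_t len[NET_MAX_FRAG_SG_LIST];     /* payload bytes in each fragment */
};

/* Split payload_len bytes into fragments of at most frag_size bytes.
 * Returns false (plan left empty) when the packet would need more than
 * NET_MAX_FRAG_SG_LIST pieces or when frag_size would misalign offsets,
 * which is the "discard it" path instead of a failed assertion. */
bool plan_ip4_fragments(size_t payload_len, size_t frag_size,
                        struct frag_plan *plan)
{
    memset(plan, 0, sizeof(*plan));
    /* Non-final fragments must be a multiple of the 8-byte unit so every
     * following offset is representable in the IPv4 header. */
    if (frag_size == 0 || frag_size % IP_FRAG_UNIT_SIZE != 0) {
        return false;
    }
    size_t needed = (payload_len + frag_size - 1) / frag_size;
    if (needed > NET_MAX_FRAG_SG_LIST) {
        return false;                     /* overly fragmented: discard */
    }
    size_t off = 0;
    for (size_t i = 0; i < needed; i++) {
        size_t n = payload_len - off;
        if (n > frag_size) {
            n = frag_size;
        }
        /* The invariant the original assertion checked holds by construction. */
        if (off % IP_FRAG_UNIT_SIZE != 0) {
            return false;
        }
        plan->offset[i] = off;
        plan->len[i] = n;
        off += n;
    }
    plan->count = needed;
    return true;
}

/* Convenience wrapper: fragment count, or -1 when the packet is discarded. */
int count_ip4_fragments(size_t payload_len, size_t frag_size)
{
    struct frag_plan plan;
    return plan_ip4_fragments(payload_len, frag_size, &plan) ? (int)plan.count : -1;
}
```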