NetRxPkt: Fix memory corruption on VLAN header stripping - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Dmitry Fleytman <dmitry@daynix.com>	2017-02-16 14:29:33 +0200
committer	Jason Wang <jasowang@redhat.com>	2017-03-06 11:46:02 +0800
commit	df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6 (patch)
tree	7831c4a9aa99f757f9016b48504258b28f60abcd /qapi/string-input-visitor.c
parent	566342c3125ac2e73abd36c650222318164517ed (diff)
download	focaccia-qemu-df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6.tar.gz focaccia-qemu-df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6.zip

NetRxPkt: Fix memory corruption on VLAN header stripping

This patch fixed a problem that was introduced in commit eb700029.

When net_rx_pkt_attach_iovec() calls eth_strip_vlan()
this can result in pkt->ehdr_buf being overflowed, because
ehdr_buf is only sizeof(struct eth_header) bytes large
but eth_strip_vlan() can write
sizeof(struct eth_header) + sizeof(struct vlan_header)
bytes into it.

Devices affected by this problem: vmxnet3.

Cc: qemu-stable@nongnu.org
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

Diffstat (limited to 'qapi/string-input-visitor.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: