slirp: correct size computation while concatenating mbuf - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Prasad J Pandit <pjp@fedoraproject.org>	2018-06-05 23:38:35 +0530
committer	Samuel Thibault <samuel.thibault@ens-lyon.org>	2018-06-08 09:08:30 +0300
commit	864036e251f54c99d31df124aad7f34f01f5344c (patch)
tree	ca78196ce84b59fe837722729d93bc043d1192b0 /scripts/analyse-locks-simpletrace.py
parent	3835c310bd13662d5fb3f50f3dd62605dfd40cf9 (diff)
download	focaccia-qemu-864036e251f54c99d31df124aad7f34f01f5344c.tar.gz focaccia-qemu-864036e251f54c99d31df124aad7f34f01f5344c.zip

slirp: correct size computation while concatenating mbuf

While reassembling incoming fragmented datagrams, 'm_cat' routine
extends the 'mbuf' buffer, if it has insufficient room. It computes
a wrong buffer size, which leads to overwriting adjacent heap buffer
area. Correct this size computation in m_cat.

Reported-by: ZDI Disclosures <zdi-disclosures@trendmicro.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

Diffstat (limited to 'scripts/analyse-locks-simpletrace.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: