aboutsummaryrefslogtreecommitdiff
path: root/hw/net/vmxnet_tx_pkt.c
AgeCommit message (Collapse)Author
2016-09-08net: vmxnet: use g_new for pkt initialisationLi Qiang
When vmxnet transport abstraction layer initialises pkt, the maximum fragmentation count is not checked. This could lead to an integer overflow causing a NULL pointer dereference. Replace g_malloc() with g_new() to catch the multiplication overflow. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Acked-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-09-08net: vmxnet: check IP header lengthLi Qiang
Vmxnet3 device emulator when parsing packet headers does not check for IP header length. It could lead to a OOB access when reading further packet data. Add check to avoid it. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-09-08net: check fragment length during fragmentationPrasad J Pandit
Network transport abstraction layer supports packet fragmentation. While fragmenting a packet, it checks for more fragments from packet length and current fragment length. It is susceptible to an infinite loop, if the current fragment length is zero. Add check to avoid it. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> CC: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com> (cherry picked from commit ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-01-29hw/net: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-19-git-send-email-peter.maydell@linaro.org
2015-10-12net/vmxnet3: Refine l2 header validationDana Rubin
Validation of l2 header length assumed minimal packet size as eth_header + 2 * vlan_header regardless of the actual protocol. This caused crash for valid non-IP packets shorter than 22 bytes, as 'tx_pkt->packet_type' hasn't been assigned for such packets, and 'vmxnet3_on_tx_done_update_stats()' expects it to be properly set. Refine header length validation in 'vmxnet_tx_pkt_parse_headers'. Check its return value during packet processing flow. As a side effect, in case IPv4 and IPv6 header validation failure, corrupt packets will be dropped. Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com> Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2013-07-27misc: Use g_assert_not_reached for code which is expected to be unreachableStefan Weil
The macro g_assert_not_reached is a better self documenting replacement for assert(0) or assert(false). Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-04-15include: avoid useless includes of exec/ headersPaolo Bonzini
Headers in include/exec/ are for the deepest innards of QEMU, they should almost never be included directly. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08hw: move target-independent files to subdirectoriesPaolo Bonzini
This patch tackles all files that are compiled once, moving them to subdirectories of hw/. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>