diff options
author | Reimar Döffinger <Reimar.Doeffinger@gmx.de> | 2009-08-20 12:34:22 +0200 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2009-08-27 20:35:30 -0500 |
commit | 24e6f3551f3c8ea7cc7524a3e64e84beca59618f (patch) | |
tree | 21bbfccd419644c35a743d587f47dc3faa5f59b8 /hw/e1000.c | |
parent | d0e7605ee0d91c3737052127a79199ddab3ff653 (diff) | |
download | qemu-24e6f3551f3c8ea7cc7524a3e64e84beca59618f.zip qemu-24e6f3551f3c8ea7cc7524a3e64e84beca59618f.tar.gz qemu-24e6f3551f3c8ea7cc7524a3e64e84beca59618f.tar.bz2 |
fix stack buffer overflows in eepro100.c tx
Hello,
the real world issue is that the hardware allows sends up to 2600 bytes,
and for some reason FreeBSD sometimes sends frames larger than the
ethernet frame size (102+1460 is the maximum I have seen so far),
overflowing the on-stack tx buffer of the driver.
Independent of that, the code should avoid allowing the guest to
overwrite the stack.
This is a minimal patch to fix the issue (you could leave out the size
change of the buf array as well, networking still seems to work either
way). Obviously there are better ways to handle it, but a proper fix IMO
would involve first getting rid of the code duplication and given the
number of patches pending for that code I see no point in working on that now.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'hw/e1000.c')
0 files changed, 0 insertions, 0 deletions