net: check fragment length during fragmentation

Network transport abstraction layer supports packet fragmentation. While fragmenting a packet, it checks for more fragments from packet length and current fragment length. It is susceptible to an infinite loop, if the current fragment length is zero. Add check to avoid it. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> CC: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com>
author: Prasad J Pandit <pjp@fedoraproject.org> 2016-08-04 13:00:14 +0530
committer: Jason Wang <jasowang@redhat.com> 2016-08-09 11:45:30 +0800
commit: ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 (patch)
tree: 1b585f632f29d68416b3535f62f0699cfee0dec8 /hw/net
parent: 53279c76cf071fed07a336948d37c72e3613e0b7 (diff)
download: qemu-ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05.zip
qemu-ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05.tar.gz
qemu-ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index efd43b4..53dfaa2 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -590,7 +590,7 @@ static bool net_tx_pkt_do_sw_fragmentation(struct NetTxPkt *pkt,
 
         fragment_offset += fragment_len;
 
-    } while (more_frags);
+    } while (fragment_len && more_frags);
 
     return true;
 }
author	Prasad J Pandit <pjp@fedoraproject.org>	2016-08-04 13:00:14 +0530
committer	Jason Wang <jasowang@redhat.com>	2016-08-09 11:45:30 +0800
commit	ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 (patch)
tree	1b585f632f29d68416b3535f62f0699cfee0dec8 /hw/net
parent	53279c76cf071fed07a336948d37c72e3613e0b7 (diff)
download	qemu-ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05.zip qemu-ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05.tar.gz qemu-ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05.tar.bz2