aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2021-09-14Initialize sin6_scope_id to zeroSaar Gross1-0/+3
sin6_scope_id is not explicitly set to zero in tcp_input() which should be OK for global IPv6 addresses, but seems to fail on Mac OS: if sin6_scope_id ends up with a value other than zero for global addresses, connect() will fail with "No route to host". Tested on Mac OS v11.5.2 but might be an issue on other versions as well. Signed-off-by: Saar Gross <saar@fb.com> Signed-off-by: Mohan Kumar Kumar <mohankm@fb.com>
2021-09-05slirp_socketpair_with_oob: Connect pair through 127.0.0.1Samuel Thibault1-1/+1
We do not need the socket to be exposed outside the localhost, and this reduces the attack surface. Suggested-by: Akihiro Suda <suda.kyoto@gmail.com>
2021-08-24Merge branch 'libresolv-leak-fix' into 'master'Marc-André Lureau1-1/+1
resolv: fix memory leak when using libresolv See merge request slirp/libslirp!100
2021-08-23resolv: fix memory leak when using libresolvosy1-1/+1
2021-07-05Merge branch 'master' into 'master'Samuel Thibault1-2/+8
Haiku: proper path to resolv.conf for DNS server See merge request slirp/libslirp!99
2021-07-05Haiku: proper path to resolv.conf for DNS serverRichard Zak1-2/+8
2021-07-04Merge branch 'master' into 'master'Samuel Thibault1-2/+0
Fix for Haiku See merge request slirp/libslirp!98
2021-07-03Fix for HaikuRichard Zak1-2/+0
2021-06-21Merge branch 'dhcp-fix' into 'master'Marc-André Lureau1-3/+3
dhcp: Always send DHCP_OPT_LEN bytes in options Closes #51 See merge request slirp/libslirp!97
2021-06-21dhcp: Always send DHCP_OPT_LEN bytes in optionsSamuel Thibault1-3/+3
RFC2131 suggests that the options field may be at least 312 bytes. Some DHCP clients seem to assume that it has to be at least 312 bytes. Fixes #51 Fixes: f13cad45b25d92760bb0ad67bec0300a4d7d5275 ("bootp: limit vendor-specific area to input packet memory buffer") Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-18Merge branch '4.6.1' into 'master'Marc-André Lureau2-10/+7
Release v4.6.1 See merge request slirp/libslirp!96
2021-06-18Release v4.6.1v4.6.1Marc-André Lureau2-10/+7
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-18Merge branch 'fix-48' into 'master'Marc-André Lureau1-1/+3
Fix "DHCP broken in libslirp v4.6.0" Closes #48 See merge request slirp/libslirp!95
2021-06-18Fix "DHCP broken in libslirp v4.6.0"Akihiro Suda1-1/+3
Fix issue 48 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-06-14build-sys: forgot to bump version to 4.6.0v4.6.0Marc-André Lureau1-1/+1
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14changelog: post-releaseMarc-André Lureau1-0/+10
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14Merge branch '4.6.0' into 'master'Marc-André Lureau1-3/+12
Release v4.6.0 See merge request slirp/libslirp!94
2021-06-14Release v4.6.0Marc-André Lureau1-3/+12
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14Merge remote-tracking branch 'libslirp-private/mtod2'Marc-André Lureau8-45/+83
See merge request slirp/libslirp-private!1
2021-06-14udp: check upd_input buffer sizeMarc-André Lureau1-1/+4
Fixes: CVE-2021-3594 Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/47 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14tftp: introduce a header structureMarc-André Lureau2-30/+36
Instead of using a composed structure and potentially reading past the incoming buffer, use a different structure for the header. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14tftp: check tftp_input buffer sizeMarc-André Lureau1-1/+5
Fixes: CVE-2021-3595 Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14upd6: check udp6_input buffer sizeMarc-André Lureau1-1/+4
Fixes: CVE-2021-3593 Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14bootp: check bootp_input buffer sizeMarc-André Lureau1-2/+2
Fixes: CVE-2021-3592 Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14bootp: limit vendor-specific area to input packet memory bufferMarc-André Lureau4-12/+22
sizeof(bootp_t) currently holds DHCP_OPT_LEN. Remove this optional field from the structure, to help with the following patch checking for minimal header size. Modify the bootp_reply() function to take the buffer boundaries and avoiding potential buffer overflow. Related to CVE-2021-3592. https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-14Add mtod_check()Marc-André Lureau2-0/+12
Recent security issues demonstrate the lack of safety care when casting a mbuf to a particular structure type. At least, it should check that the buffer is large enough. The following patches will make use of this function. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-08Merge branch 'revert-72' into 'master'Marc-André Lureau1-5/+0
Revert "Set macOS deployment target to macOS 10.4" See merge request slirp/libslirp!93
2021-06-08Revert "Set macOS deployment target to macOS 10.4"Marc-André Lureau1-5/+0
This reverts commit 410e296a52fb274648f8ecf53561eaab4b33c52c (slirp/libslirp!72), as it causes extra compilation warnings when linking with libraries using a different version. Instead, the builder can set CFLAGS manually. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-06-07pingtest: Add a trivial ping testSamuel Thibault2-0/+496
This is a simple working example. Fixes #30 Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-07icmp: Support falling back on trying a SOCK_RAW socketSamuel Thibault1-22/+38
This allows pings provided that the process is running as root (or has some capability to create raw sockets). Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-07poll_fd: add missing fd registration for UDP and ICMPSamuel Thibault2-0/+2
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-07icmp: Document the use of UDP echo serviceSamuel Thibault1-0/+5
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-06mbuf: Avoid warningSamuel Thibault1-0/+1
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-06timer_mod: explicit that expire_time is in ms, not nsSamuel Thibault1-1/+1
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-06Merge branch 'valgrind' into 'master'Samuel Thibault13-5/+152
mbuf: Add debugging helpers for allocation See merge request slirp/libslirp!90
2021-06-06mbuf: Add debugging helpers for allocationSamuel Thibault13-12/+129
This adds a few helpers for debugging mbuf allocations when running in debugging mode (lsan, valgrind, etc.) - We do not want to cache allocations, so always set M_DOFREE to prevent us from putting any mbuf in it. - We want to update the mbuf allocation owner on function call for more precise leak reporting. Based on Jeremy Marchand's fuzzing work. Signed-off-by: jeremy marchand <jeremy.marchand@etu.u-bordeaux.fr> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-06Check that we have the expected room before m_dataSamuel Thibault7-0/+30
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-06-06Merge branch 'ncsi_pack' into 'master'Samuel Thibault2-33/+33
ncsi: make ncsi_calculate_checksum work with unaligned data Closes #43 See merge request slirp/libslirp!89
2021-06-03ncsi: Mark ncsi headers with SLIRP_PACKEDSamuel Thibault1-29/+29
Fixes #43
2021-06-03ncsi: make ncsi_calculate_checksum work with unaligned dataSamuel Thibault1-4/+4
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2021-05-25Merge branch 'fixes' into 'master'Samuel Thibault2-2/+2
Fix typos in comments See merge request slirp/libslirp!88
2021-05-25src/ip: Fix typos in commentsThomas Huth2-2/+2
Found with the "codespell" utility. Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-05-19changelog: post-releaseMarc-André Lureau1-1/+11
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-05-19Merge branch '4.5.0' into 'master'Marc-André Lureau2-7/+22
Release v4.5.0 Closes #40 See merge request slirp/libslirp!87
2021-05-18Release v4.5.0v4.5.0Marc-André Lureau2-7/+22
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-05-09SlirpCb: explicit that it is fine for a guest to drop framesSamuel Thibault1-5/+5
2021-05-09Merge branch 'master' into 'master'Samuel Thibault1-1/+6
ndp_table: For unspecified address, return broadcast ethernet address See merge request slirp/libslirp!86
2021-05-09ndp_table: For unspecified address, return broadcast ethernet addressSamuel Thibault1-1/+6
We cannot let the guest crash libslirp by making it answer a tftp request such as shown in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33873 https://gitlab.com/qemu-project/qemu/-/issues/111 unspecified addresses may also be used for non-configured devices, so it makes sense to use the broadcast ethernet address in that case, just like we do with IPv4.
2021-05-07Merge branch 'philmd' into 'master'Marc-André Lureau1-5/+9
Remove alloca() call in get_dns_addr_resolv_conf() See merge request slirp/libslirp!84
2021-05-07Remove alloca() call in get_dns_addr_resolv_conf()Philippe Mathieu-Daudé1-5/+9
The ALLOCA(3) man-page mentions its "use is discouraged". For now get_dns_addr_resolv_conf() is called with pointer to a in_addr/in6_addr structure, and its size. Declare a union of these structures on the stack, able to hold both of them. This allows us to remove the alloca() call, keeping the buffer on the stack. Add an assertion in the unlikely case another inet address is handled by this function. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210507133212.1952121-1-philmd@redhat.com>
generated by cgit v1.1 at 2024-10-19 02:16:27 +0000