Li Qiang" , "Paolo Bonzini"
>> , "Jason Wang"
>> , "Thomas Huth" , "Alexander Bulekov"
>> , "Stefano Garzarella"
>> , "Philippe Mathieu-Daudé" ,
>> qemu-sta...@nongnu.org
> Sent: Tuesday, March 9, 2021 7:27:07 PM
> Subject: [PATCH v4 4/6] net/eth: Check rt_hdr size before casting
On Wed, Mar 10, 2021 at 10:05:01AM +0100, Stefano Garzarella wrote:
On Tue, Mar 09, 2021 at 07:27:07PM +0100, Philippe Mathieu-Daudé wrote:
Do not cast our ip6_ext_hdr pointer to ip6_ext_hdr_routing if there
isn't enough data in the buffer for such a structure.
This fixes a 2-byte buffer overrun in eth_parse_ipv6_hdr() reported
by QEMU fuzzer:
$ cat << EOF | ./qemu-system-i386 -M pc-q35-5.0 \
-accel qtest -monitor none \