Bugs item #3058721, was opened at 2010-09-03 13:14
Message generated for change (Comment added) made by danielel
Category: Uncategorized
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Daniele Lacamera (danielel)
Summary: Putative libvdeplug bug may cause frame corruption/overread

Initial Comment:
vde_plug on Ubuntu Hardy contains a bug that may trigger frame loss/frame 
corruption and a buffer overread by 1 if encapsulated ether frames are read 
from a stream (see http://www.halfdog.net/Security/VdeNetBufferError/). From my 
understanding, but without testing/verification, this bug also seems to be 
present in the current vde project trunk libvdeplug.c vdestream_recv:

The code "while length>0" will use two bytes of buffer data, even when 
length=1, so reading one uninitialized byte or one byte after the end of the 
buffer. In most cases, the frame will be broken, so data is partially 
discarded, causing frame loss or frame corruption due to frame shift.
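
The failure mode described in the initial comment, as an added example (not code from libvdeplug or from the reporter): a reassembler for a stream of length-prefixed frames that keeps header state across reads, so a chunk ending after the first of the two header bytes never causes a read past the buffer. The big-endian byte order, the MAX_FRAME cap and all names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_FRAME 1600              /* assumed cap on one frame's length */
struct reasm {                      /* state kept between reads (hypothetical names) */
    size_t   hdr_have;              /* length-header bytes seen so far: 0..2 */
    uint8_t  hdr[2];
    size_t   want, have;            /* payload bytes announced / collected */
    uint8_t  frame[MAX_FRAME];
    unsigned delivered;             /* complete frames so far */
};

/* Consume one chunk read from the stream; never reads buf[len] or beyond.
 * Returns 0, or -1 when a header announces more than MAX_FRAME bytes. */
int reasm_feed(struct reasm *r, const uint8_t *buf, size_t len)
{
    while (len > 0) {
        if (r->hdr_have < 2) {
            r->hdr[r->hdr_have++] = *buf++;  /* one header byte at a time */
            len--;
            if (r->hdr_have < 2) continue;   /* chunk ended mid-header: wait */
            r->want = ((size_t)r->hdr[0] << 8) | r->hdr[1];
            if (r->want > MAX_FRAME) {
                r->hdr_have = 0;    /* stream is out of sync; caller should close it */
                return -1;
            }
        }
        size_t n = r->want - r->have;
        if (n > len) n = len;       /* copy only what this chunk really holds */
        memcpy(r->frame + r->have, buf, n);
        r->have += n; buf += n; len -= n;
        if (r->have == r->want) {   /* frame complete: expect a new header next */
            r->delivered++;
            r->hdr_have = r->have = 0;
        }
    }
    return 0;
}

/* Constructed input: frames "ABC" and "DE"; the first read ends mid-header. */
unsigned demo_split_header(void)
{
    static const uint8_t read1[] = { 0x00, 0x03, 'A', 'B', 'C', 0x00 };
    static const uint8_t read2[] = { 0x02, 'D', 'E' };
    struct reasm r = {0};
    int bad = reasm_feed(&r, read1, sizeof read1) || reasm_feed(&r, read2, sizeof read2);
    return bad ? 0 : r.delivered;
}
int main(void) { return demo_split_header() == 2 ? 0 : 1; }
```

Both frames are delivered intact even though the second frame's header is split across two reads.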


>Comment By: Daniele Lacamera (danielel)
Date: 2010-09-04 15:35

Should be now fixed (svn r445).


Comment By: Nobody/Anonymous (nobody)
Date: 2010-09-03 15:26

Sorry, wrong link: http://www.halfdog.net/Security/VdeNetBufferBug/

