1. Patchew
  2. QEMU
  3. [Qemu-devel] [PATCH 0/4] Fix buffer overflow for packet greater than INT_MAX
  4. View patch

[Qemu-devel] [PATCH 4/4] net: ignore packet size greater than INT_MAX

Jason Wang posted 4 patches 7 years, 1 month ago
[Qemu-devel] [PATCH 4/4] net: ignore packet size greater than INT_MAX
Posted by Jason Wang 7 years, 1 month ago 
There should not be a reason for passing a packet size greater than
INT_MAX. It's usually a hint of bug somewhere, so ignore packet size
greater than INT_MAX in qemu_deliver_packet_iov()

CC: qemu-stable@nongnu.org
Reported-by: Daniel Shapira <daniel@twistlock.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/net/net.c b/net/net.c
index fd8efebfdb..df216e3811 100644
--- a/net/net.c
+++ b/net/net.c
@@ -712,10 +712,15 @@ ssize_t qemu_deliver_packet_iov(NetClientState *sender,
                                 void *opaque)
 {
     NetClientState *nc = opaque;
+    size_t size = iov_size(iov, iovcnt);
     int ret;
 
+    if (size > INT_MAX) {
+        return size;
+    }
+
     if (nc->link_down) {
-        return iov_size(iov, iovcnt);
+        return size;
     }
 
     if (nc->receive_disabled) {
-- 
2.17.1
Re: [Qemu-devel] [PATCH 4/4] net: ignore packet size greater than INT_MAX
Posted by Michael S. Tsirkin 7 years, 1 month ago 
On Tue, Sep 25, 2018 at 03:23:27PM +0800, Jason Wang wrote:
> There should not be a reason for passing a packet size greater than
> INT_MAX. It's usually a hint of bug somewhere, so ignore packet size
> greater than INT_MAX in qemu_deliver_packet_iov()
> 
> CC: qemu-stable@nongnu.org
> Reported-by: Daniel Shapira <daniel@twistlock.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
>  net/net.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/net/net.c b/net/net.c
> index fd8efebfdb..df216e3811 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -712,10 +712,15 @@ ssize_t qemu_deliver_packet_iov(NetClientState *sender,
>                                  void *opaque)
>  {
>      NetClientState *nc = opaque;
> +    size_t size = iov_size(iov, iovcnt);
>      int ret;
>  

This adds a useless iov scan on the good path.
Can't be good for performance...

> +    if (size > INT_MAX) {
> +        return size;
> +    }
> +
>      if (nc->link_down) {
> -        return iov_size(iov, iovcnt);
> +        return size;
>      }
>  
>      if (nc->receive_disabled) {
> -- 
> 2.17.1
Re: [Qemu-devel] [PATCH 4/4] net: ignore packet size greater than INT_MAX
Posted by Jason Wang 7 years, 1 month ago 

On 2018年09月25日 22:15, Michael S. Tsirkin wrote:
> On Tue, Sep 25, 2018 at 03:23:27PM +0800, Jason Wang wrote:
>> There should not be a reason for passing a packet size greater than
>> INT_MAX. It's usually a hint of bug somewhere, so ignore packet size
>> greater than INT_MAX in qemu_deliver_packet_iov()
>>
>> CC: qemu-stable@nongnu.org
>> Reported-by: Daniel Shapira <daniel@twistlock.com>
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> ---
>>   net/net.c | 7 ++++++-
>>   1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/net.c b/net/net.c
>> index fd8efebfdb..df216e3811 100644
>> --- a/net/net.c
>> +++ b/net/net.c
>> @@ -712,10 +712,15 @@ ssize_t qemu_deliver_packet_iov(NetClientState *sender,
>>                                   void *opaque)
>>   {
>>       NetClientState *nc = opaque;
>> +    size_t size = iov_size(iov, iovcnt);
>>       int ret;
>>   
> This adds a useless iov scan on the good path.
> Can't be good for performance...

Yes, will consider some optimization in the future.

Thanks

>> +    if (size > INT_MAX) {
>> +        return size;
>> +    }
>> +
>>       if (nc->link_down) {
>> -        return iov_size(iov, iovcnt);
>> +        return size;
>>       }
>>   
>>       if (nc->receive_disabled) {
>> -- 
>> 2.17.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.