[v5] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr()

[PATCH v5 0/7] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr()

Philippe Mathieu-Daudé posted 7 patches 4 years, 8 months ago

Diff against v1 v2 v3 v4 v6
Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20210310160135.1148272-1-philmd@redhat.com

Test checkpatch passed

There is a newer version of this series

net/eth.c                      | 48 +++++++++++++++---------------
tests/qtest/fuzz-e1000e-test.c | 53 ++++++++++++++++++++++++++++++++++
MAINTAINERS                    |  1 +
tests/qtest/meson.build        |  1 +
4 files changed, 79 insertions(+), 24 deletions(-)
create mode 100644 tests/qtest/fuzz-e1000e-test.c

Expand all Fold all

[PATCH v5 0/7] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr()

Posted by Philippe Mathieu-Daudé 4 years, 8 months ago

I had a look at the patch from Miroslav trying to silence a
compiler warning which in fact is a nasty bug. Here is a fix.
https://www.mail-archive.com/qemu-devel@nongnu.org/msg772735.html

Since v4:
- reworked again, tested it with Fedora Raw Hide

Philippe Mathieu-Daudé (7):
  net/eth: Simplify _eth_get_rss_ex_dst_addr()
  net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument
  net/eth: Make ip6_ext_hdr *ext_hdr pointer to const
  net/eth: Check the size earlier
  net/eth: Check iovec has enough data earlier
  net/eth: Read ip6_ext_hdr_routing buffer before accessing it
  net/eth: Add an assert() and invert if() statement to simplify code

 net/eth.c                      | 48 +++++++++++++++---------------
 tests/qtest/fuzz-e1000e-test.c | 53 ++++++++++++++++++++++++++++++++++
 MAINTAINERS                    |  1 +
 tests/qtest/meson.build        |  1 +
 4 files changed, 79 insertions(+), 24 deletions(-)
 create mode 100644 tests/qtest/fuzz-e1000e-test.c

-- 
2.26.2