+-- On Fri, 27 Nov 2020, Philippe Mathieu-Daudé wrote --+
| Do not allow qemu_send_packet*() and qemu_net_queue_send()
| functions to accept packets bigger then NET_BUFSIZE.
|
| We have to put a limit somewhere. NET_BUFSIZE is defined as:
| /* Maximum GSO packet size (64k) plus plenty of room for
| * the ethernet and virtio_net headers
| */
| #define NET_BUFSIZE (4096 + 65536)
|
| + if (size > NET_BUFSIZE) {
| + return -1;
| + }
| +
/usr/include/linux/if_ether.h
#define ETH_MIN_MTU 68 /* Min IPv4 MTU per RFC791 */
#define ETH_MAX_MTU 0xFFFFU /* 65535, same as IP_MAX_MTU */
if (size < ETH_MIN_MTU || size > ETH_MAX_MTU) {
return -1;
}
Should there be similar check for minimum packet size?
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
