Re: [Qemu-devel] [PATCH] slirp: check data length while emulating ident function

2019-01-13 Thread P J P
+-- On Fri, 11 Jan 2019, Marc-André Lureau wrote --+ | > | Check looks correct, it should probably return 1. | > | > Function comment says return 1 if 'm' is valid and should be appended via | > sbappend(). Not sure if unprocessed 'm' should go to sbappend(). | | If you look at the rest of the fun

Re: [Qemu-devel] [PATCH] slirp: check data length while emulating ident function

2019-01-11 Thread Marc-André Lureau
Hi On Fri, Jan 11, 2019 at 1:18 PM P J P wrote: > > +-- On Fri, 11 Jan 2019, Marc-André Lureau wrote --+ > | > +if (m->m_len > so_rcv->sb_datalen > | > +- (so_rcv->sb_wptr - so_rcv->sb_data)) { > | > +m_free(m); > | > +return

Re: [Qemu-devel] [PATCH] slirp: check data length while emulating ident function

2019-01-11 Thread P J P
+-- On Fri, 11 Jan 2019, Marc-André Lureau wrote --+ | > +if (m->m_len > so_rcv->sb_datalen | > +- (so_rcv->sb_wptr - so_rcv->sb_data)) { | > +m_free(m); | > +return 0; | > +} | | Check looks correct, it should pro
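Review bot: the early-exit branch (`m_free(m); return 0;`) ties the return value to the free, and nothing in the hunk says so. According to the function comment quoted in this thread, returning 1 means 'm' is valid and will be appended via sbappend(), so if the return value is changed to 1 as suggested, the m_free(m) call has to be dropped in the same change; otherwise a freed mbuf reaches sbappend(). A one-line comment on the branch stating which of the two behaviours is intended (drop and free, or pass through unprocessed) would settle it for later readers.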

Re: [Qemu-devel] [PATCH] slirp: check data length while emulating ident function

2019-01-11 Thread Marc-André Lureau
Hi On Fri, Jan 11, 2019 at 12:31 PM P J P wrote: > > From: Prasad J Pandit > > While emulating identification protocol, tcp_emu() does not check > available space in the 'sc_rcv->sb_data' buffer. It could lead to > heap buffer overflow issue. Add check to avoid it. > > Reported-by: Kira <864786.