• V
    rtl8139: Fix receive buffer overflow check · fabdcd33
    Vladislav Yasevich 提交于
    rtl8139_do_receive() tries to check for the overflow condition
    by making sure that packet_size + 8 does not exceed the
    available buffer space.  The issue here is that RxBuffAddr,
    used to calculate available buffer space, is aligned to a
    a 4 byte boundry after every update.  So it is possible that
    every packet ends up being slightly padded when written
    to the receive buffer.  This padding is not taken into
    account when checking for overflow and we may end up missing
    the overflow condition can causing buffer overwrite.
    
    This patch takes alignment into consideration when
    checking for overflow condition.
    Signed-off-by: NVladislav Yasevich <vyasevic@redhat.com>
    Reviewed-by: NJason Wang <jasowang@redhat.com>
    Message-id: 1441121206-6997-2-git-send-email-vyasevic@redhat.com
    Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
    fabdcd33
rtl8139.c 99.1 KB