slirp: fix CVE 2007-5729

The emulated network cards in QEMU allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the slirp's default MTU, which triggers a heap-based buffer overflow in the slirp library. Signed-off-by: N Aurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5920 c046a42c-6fe2-441c-8c8c-71466251a162

slirp: fix CVE 2007-5729
The emulated network cards in QEMU allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the slirp's default MTU, which triggers a heap-based buffer overflow in the slirp library. Signed-off-by: N Aurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5920 c046a42c-6fe2-441c-8c8c-71466251a162
e8e880a7 · aurel32 · a810a2de · e8e880a7
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

slirp/slirp.c slirp/slirp.c +3 -0

未找到文件。
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -654,6 +654,9 @@ void slirp_input(const uint8_t *pkt, int pkt_len)
        if (!m)
            return;
        /* Note: we add to align the IP header */
+        if (M_FREEROOM(m) < pkt_len + 2) {
+            m_inc(m, pkt_len + 2);
+        }
        m->m_len = pkt_len + 2;
        memcpy(m->m_data + 2, pkt, pkt_len);