提交 e8e880a7 编写于 作者: A aurel32

slirp: fix CVE 2007-5729

The emulated network cards in QEMU allows local users to execute arbitrary
code by writing Ethernet frames with a size larger than the slirp's default
MTU, which triggers a heap-based buffer overflow in the slirp library.
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5920 c046a42c-6fe2-441c-8c8c-71466251a162
上级 a810a2de
...@@ -654,6 +654,9 @@ void slirp_input(const uint8_t *pkt, int pkt_len) ...@@ -654,6 +654,9 @@ void slirp_input(const uint8_t *pkt, int pkt_len)
if (!m) if (!m)
return; return;
/* Note: we add to align the IP header */ /* Note: we add to align the IP header */
if (M_FREEROOM(m) < pkt_len + 2) {
m_inc(m, pkt_len + 2);
}
m->m_len = pkt_len + 2; m->m_len = pkt_len + 2;
memcpy(m->m_data + 2, pkt, pkt_len); memcpy(m->m_data + 2, pkt, pkt_len);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册