motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-05 16:53:55 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

net: Check L4 header size

Browse source 
net_tx_pkt_build_vheader() inspects TCP header but had no check for
the header size, resulting in an undefined behavior. Check the header
size and drop the packet if the header is too small.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
This commit is contained in:
Akihiko Odaki 2023-02-23 19:20:03 +09:00 committed by Jason Wang
parent 156dc1555d
commit f9a9eb16e2
4 changed files with 33 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

19
hw/net/e1000e_core.c
View file

@ -629,23 +629,30 @@ e1000e_rss_parse_packet(E1000ECore *core,
info->queue = E1000_RSS_QUEUE(&core->mac[RETA], info->hash);
}
static void
static bool
e1000e_setup_tx_offloads(E1000ECore *core, struct e1000e_tx *tx)
{
if (tx->props.tse && tx->cptse) {
net_tx_pkt_build_vheader(tx->tx_pkt, true, true, tx->props.mss);
if (!net_tx_pkt_build_vheader(tx->tx_pkt, true, true, tx->props.mss)) {
return false;
}
net_tx_pkt_update_ip_checksums(tx->tx_pkt);
e1000x_inc_reg_if_not_full(core->mac, TSCTC);
return;
return true;
}
if (tx->sum_needed & E1000_TXD_POPTS_TXSM) {
net_tx_pkt_build_vheader(tx->tx_pkt, false, true, 0);
if (!net_tx_pkt_build_vheader(tx->tx_pkt, false, true, 0)) {
return false;
}
}
if (tx->sum_needed & E1000_TXD_POPTS_IXSM) {
net_tx_pkt_update_ip_hdr_checksum(tx->tx_pkt);
}
return true;
}
static bool
@ -654,7 +661,9 @@ e1000e_tx_pkt_send(E1000ECore *core, struct e1000e_tx *tx, int queue_index)
int target_queue = MIN(core->max_queue_num, queue_index);
NetClientState *queue = qemu_get_subqueue(core->owner_nic, target_queue);
e1000e_setup_tx_offloads(core, tx);
if (!e1000e_setup_tx_offloads(core, tx)) {
return false;
}
net_tx_pkt_dump(tx->tx_pkt);