Le 16/06/2016 à 23:09, Peter Maydell a écrit :
> On 16 June 2016 at 20:01, Laurent Vivier <[email protected]> wrote:
>> If the structure pointed by NLMSG_DATA() is bigger
>> than the size of NLMSG_DATA(), don't swap its fields
>> to avoid memory corruption.
>>
>> Signed-off-by: Laurent Vivier <[email protected]>
>> ---
>
> Reviewed-by: Peter Maydell <[email protected]>
>
> Can this actually happen in normal operation?
Yes, I've detected that while debugging "apt-get update" on Debian Jessie with
qemu-s390x. This is the first call to netlink:
00 00 00 14 nlmsg_len=20
00 16 nlmsg_type=RTM_GETADDR
03 01 nlmsg_flags=0x0301
57 62 b7 fb nlmsg_seq=0x5762b7fb
00 00 00 00 nlmsg_pid=0
00 00 00 00 NLMSG_DATA() = struct ifaddrmsg
struct ifaddrmsg {
    __u8 ifa_family;
    __u8 ifa_prefixlen;
    __u8 ifa_flags;
    __u8 ifa_scope;
    __u32 ifa_index;
};
Laurent
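The situation described above, as an added example that is not Laurent's patch and not QEMU's own code: a guest sends a 20-byte RTM_GETADDR request whose header is 16 bytes, so NLMSG_DATA() holds only 4 bytes even though struct ifaddrmsg is 8 bytes. The code below parses the big-endian (s390x guest) header, computes the payload length the way NLMSG_PAYLOAD(nlh, 0) would, and refuses to byte-swap the ifaddrmsg fields when the payload is too short. The struct definitions are a mirror of the kernel's layout (an assumption made so the example builds without <linux/netlink.h>), and both message buffers are constructed samples: the first is the dump from the mail, the second is an invented 24-byte message that carries a full ifaddrmsg.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Mirror of the kernel's struct nlmsghdr layout (assumed, to stay self-contained). */
struct nlmsghdr_mirror {
    uint32_t nlmsg_len;
    uint16_t nlmsg_type;
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;
};

/* Mirror of the kernel's struct ifaddrmsg: 4 bytes of u8 fields plus a u32 = 8 bytes. */
struct ifaddrmsg_mirror {
    uint8_t  ifa_family;
    uint8_t  ifa_prefixlen;
    uint8_t  ifa_flags;
    uint8_t  ifa_scope;
    uint32_t ifa_index;
};

#define NLMSG_ALIGNTO 4u
#define NLMSG_ALIGN(len) (((len) + NLMSG_ALIGNTO - 1u) & ~(NLMSG_ALIGNTO - 1u))
#define NLMSG_HDRLEN ((size_t)NLMSG_ALIGN(sizeof(struct nlmsghdr_mirror)))

/* Constructed sample 1: the 20-byte message from the mail (big-endian, s390x guest). */
static const uint8_t sample_short[] = {
    0x00, 0x00, 0x00, 0x14,  /* nlmsg_len = 20 */
    0x00, 0x16,              /* nlmsg_type = RTM_GETADDR */
    0x03, 0x01,              /* nlmsg_flags = 0x0301 */
    0x57, 0x62, 0xb7, 0xfb,  /* nlmsg_seq */
    0x00, 0x00, 0x00, 0x00,  /* nlmsg_pid = 0 */
    0x00, 0x00, 0x00, 0x00,  /* only 4 bytes of NLMSG_DATA() */
};

/* Constructed sample 2 (invented): 24-byte message carrying a whole ifaddrmsg. */
static const uint8_t sample_full[] = {
    0x00, 0x00, 0x00, 0x18,  /* nlmsg_len = 24 */
    0x00, 0x16, 0x03, 0x01,
    0x00, 0x00, 0x00, 0x01,
    0x00, 0x00, 0x00, 0x00,
    0x02, 0x18, 0x00, 0x00,  /* ifa_family = 2 (AF_INET), ifa_prefixlen = 24 */
    0x00, 0x00, 0x00, 0x02,  /* ifa_index = 2 */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode the guest header into host byte order; returns 0 if the buffer or nlmsg_len is bogus. */
int parse_nlmsghdr(const uint8_t *buf, size_t buf_len, struct nlmsghdr_mirror *out) {
    if (buf_len < sizeof(*out)) return 0;
    out->nlmsg_len   = be32(buf);
    out->nlmsg_type  = be16(buf + 4);
    out->nlmsg_flags = be16(buf + 6);
    out->nlmsg_seq   = be32(buf + 8);
    out->nlmsg_pid   = be32(buf + 12);
    /* nlmsg_len must cover at least the header and must not exceed what was received. */
    if (out->nlmsg_len < NLMSG_HDRLEN || out->nlmsg_len > buf_len) return 0;
    return 1;
}

/* Bytes available in NLMSG_DATA(), i.e. NLMSG_PAYLOAD(nlh, 0). */
size_t nlmsg_payload_len(const struct nlmsghdr_mirror *nlh) {
    return nlh->nlmsg_len - NLMSG_HDRLEN;
}

/* Returns -1 for a bad header, 0 when the payload is too short to hold an ifaddrmsg
 * (the fields are left alone, which is the point of the patch), 1 when decoded. */
int decode_ifaddrmsg(const uint8_t *buf, size_t buf_len, struct ifaddrmsg_mirror *ifa) {
    struct nlmsghdr_mirror nlh;
    if (!parse_nlmsghdr(buf, buf_len, &nlh)) return -1;
    if (nlmsg_payload_len(&nlh) < sizeof(*ifa)) return 0;
    const uint8_t *data = buf + NLMSG_HDRLEN;
    ifa->ifa_family    = data[0];
    ifa->ifa_prefixlen = data[1];
    ifa->ifa_flags     = data[2];
    ifa->ifa_scope     = data[3];
    ifa->ifa_index     = be32(data + 4);  /* the only multi-byte field that needs swapping */
    return 1;
}

/* Helpers that return the results of running both samples. */
int demo_short_result(void) {
    struct ifaddrmsg_mirror ifa;
    return decode_ifaddrmsg(sample_short, sizeof sample_short, &ifa);
}
int demo_short_payload_len(void) {
    struct nlmsghdr_mirror nlh;
    return parse_nlmsghdr(sample_short, sizeof sample_short, &nlh) ? (int)nlmsg_payload_len(&nlh) : -1;
}
uint32_t demo_full_ifa_index(void) {
    struct ifaddrmsg_mirror ifa = {0};
    return decode_ifaddrmsg(sample_full, sizeof sample_full, &ifa) == 1 ? ifa.ifa_index : 0;
}

int main(void) {
    printf("short message: payload %d bytes, decode result %d\n",
           demo_short_payload_len(), demo_short_result());
    printf("full message: ifa_index %u\n", (unsigned)demo_full_ifa_index());
    return 0;
}
```

With the message from the mail, nlmsg_len - NLMSG_HDRLEN is 4, short of the 8 bytes a struct ifaddrmsg occupies, so the swap is skipped and nothing past the end of the guest's buffer is touched; the 24-byte sample takes the normal path.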