Re: [Qemu-devel] [PATCH 1/2] slirp: correct size computation while concatenating mbuf

2018-06-06 Thread P J P
Hello Samuel, +-- On Wed, 6 Jun 2018, Samuel Thibault wrote --+ | > From: Prasad J Pandit | > | > While reassembling incoming fragmented datagrams, 'm_cat' routine | > extends the 'mbuf' buffer, if it has insufficient room. It computes | > a wrong buffer size, which leads to overwriting adjace

Re: [Qemu-devel] [PATCH 1/2] slirp: correct size computation while concatenating mbuf

2018-06-06 Thread Samuel Thibault
Hello, P J P, on Tue. 05 June 2018 23:38:35 +0530, wrote: > From: Prasad J Pandit > > While reassembling incoming fragmented datagrams, 'm_cat' routine > extends the 'mbuf' buffer, if it has insufficient room. It computes > a wrong buffer size, which leads to overwriting adjacent heap buffer >

[Qemu-devel] [PATCH 1/2] slirp: correct size computation while concatenating mbuf

2018-06-05 Thread P J P
From: Prasad J Pandit While reassembling incoming fragmented datagrams, 'm_cat' routine extends the 'mbuf' buffer, if it has insufficient room. It computes a wrong buffer size, which leads to overwriting adjacent heap buffer area. Correct this size computation in m_cat. Reported-by: ZDI Disclosu