Re: [Qemu-devel] [PATCH v2 1/2] net: check packet payload length

Hello Jason, +-- On Wed, 2 Mar 2016, Jason Wang wrote --+ | How about L4, since we will calculate L4 checksum I believe? And it | looks like the following check: | | plen + hlen >= length | only count L3 header plus payload? Yes, I've sent a revised patch v3. Thank you. -- Prasad J Pandit /

Re: [Qemu-devel] [PATCH v2 1/2] net: check packet payload length

On 03/01/2016 02:48 PM, P J P wrote: > Hello Jason, > > +-- On Fri, 26 Feb 2016, Jason Wang wrote --+ > | Should we count mac header here? Did "plen + hlen >= length" imply "14 + > | hlen + csum_offset + 1" < length? > | > | Looks not. Consider a TCP packet can report evil plen (e.g 20) but ju

Re: [Qemu-devel] [PATCH v2 1/2] net: check packet payload length

Hello Jason, +-- On Fri, 26 Feb 2016, Jason Wang wrote --+ | Should we count mac header here? Did "plen + hlen >= length" imply "14 + | hlen + csum_offset + 1" < length? | | Looks not. Consider a TCP packet can report evil plen (e.g 20) but just | have 10 bytes payload in fact. In this case: |

Re: [Qemu-devel] [PATCH v2 1/2] net: check packet payload length

On 02/24/2016 12:08 AM, P J P wrote: > From: Prasad J Pandit > > While computing IP checksum, 'net_checksum_calculate' reads > payload length from the packet. It could exceed the given 'data' > buffer size. Add a check to avoid it. > > Reported-by: Liu Ling > Signed-off-by: Prasad J Pandit > -

[Qemu-devel] [PATCH v2 1/2] net: check packet payload length

From: Prasad J Pandit While computing IP checksum, 'net_checksum_calculate' reads payload length from the packet. It could exceed the given 'data' buffer size. Add a check to avoid it. Reported-by: Liu Ling Signed-off-by: Prasad J Pandit --- net/checksum.c | 10 -- 1 file changed, 8 i