mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

net: limit allocation in nc_sendv_compat

Browse Source 
we only need to allocate enough memory to hold the packet. This might be
less than NET_BUFSIZE. Additionally fail early if the packet is larger
than NET_BUFSIZE.

Signed-off-by: Peter Lieven <pl@kamp.de>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
This commit is contained in:
Peter Lieven 2016-06-30 11:49:40 +02:00 committed by Jason Wang
parent 584613eacb
commit 47f9f15831
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
net/net.c
View File

@ -690,9 +690,13 @@ static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
buffer = iov[0].iov_base;
offset = iov[0].iov_len;
} else {
buf = g_new(uint8_t, NET_BUFSIZE);
offset = iov_size(iov, iovcnt);
if (offset > NET_BUFSIZE) {
return -1;
}
buf = g_malloc(offset);
buffer = buf;
offset = iov_to_buf(iov, iovcnt, 0, buf, NET_BUFSIZE);
offset = iov_to_buf(iov, iovcnt, 0, buf, offset);
}
if (flags & QEMU_NET_PACKET_FLAG_RAW && nc->info->receive_raw) {