mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17eb587aeb
qemu/slirp
History
Marc-André Lureau 17eb587aeb slirp: tftp, copy sockaddr_size 
ASAN detects an "unknown-crash" when running pxe-test:

/ppc64/pxe/spapr-vlan: =================================================================
==7143==ERROR: AddressSanitizer: unknown-crash on address 0x7f6dcd298d30 at pc 0x55e22218830d bp 0x7f6dcd2989e0 sp 0x7f6dcd2989d0
READ of size 128 at 0x7f6dcd298d30 thread T2
    #0 0x55e22218830c in tftp_session_allocate /home/elmarco/src/qq/slirp/tftp.c:73
    #1 0x55e22218a1f8 in tftp_handle_rrq /home/elmarco/src/qq/slirp/tftp.c:289
    #2 0x55e22218b54c in tftp_input /home/elmarco/src/qq/slirp/tftp.c:446
    #3 0x55e2221833fe in udp6_input /home/elmarco/src/qq/slirp/udp6.c:82
    #4 0x55e222137b17 in ip6_input /home/elmarco/src/qq/slirp/ip6_input.c:67

Address 0x7f6dcd298d30 is located in stack of thread T2 at offset 96 in frame
    #0 0x55e222182420 in udp6_input /home/elmarco/src/qq/slirp/udp6.c:13

  This frame has 3 object(s):
    [32, 48) '<unknown>'
    [96, 124) 'lhost' <== Memory access at offset 96 partially overflows this variable
    [160, 200) 'save_ip' <== Memory access at offset 96 partially underflows this variable

The sockaddr_storage pointer is the sockaddr_in6 lhost on the
stack. Copy only the source addr size.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
2017-04-29 18:29:58 +02:00
..
arp_table.c slirp: Clean up includes 2016-02-04 17:41:30 +00:00
bootp.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
bootp.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
cksum.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
COPYRIGHT
debug.h
dhcpv6.c slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
dhcpv6.h slirp: Add support for stateless DHCPv6 2016-07-03 23:59:42 +02:00
dnssearch.c slirp: Use DIV_ROUND_UP 2016-06-07 18:19:25 +03:00
if.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
if.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
ip6_icmp.c slirp: Send RDNSS in RA only if host has an IPv6 DNS server 2017-03-29 00:51:25 +02:00
ip6_icmp.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
ip6_input.c slirp: Allow disabling IPv4 or IPv6 2016-04-01 17:51:55 +02:00
ip6_output.c slirp: Adding IPv6, ICMPv6 Echo and NDP autoconfiguration 2016-03-15 10:35:00 +01:00
ip6.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
ip_icmp.c slirp: fix guest network access with darwin host 2016-04-28 18:12:08 +01:00
ip_icmp.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
ip_input.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
ip_output.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
ip.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
libslirp.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
main.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
Makefile.objs slirp: add a fake NC-SI backend 2017-04-25 19:17:25 +08:00
mbuf.c slirp: Convert mbufs to use g_malloc() and g_free() 2017-02-26 15:39:05 +01:00
mbuf.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
misc.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
misc.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
ncsi-pkt.h slirp: add a fake NC-SI backend 2017-04-25 19:17:25 +08:00
ncsi.c slirp: add a fake NC-SI backend 2017-04-25 19:17:25 +08:00
ndp_table.c slirp: Adding IPv6, ICMPv6 Echo and NDP autoconfiguration 2016-03-15 10:35:00 +01:00
sbuf.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
sbuf.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
slirp_config.h slirp: Remove obsolete backward-compatibility cruft 2016-05-16 20:58:47 +02:00
slirp.c slirp: add a fake NC-SI backend 2017-04-25 19:17:25 +08:00
slirp.h slirp: add a fake NC-SI backend 2017-04-25 19:17:25 +08:00
socket.c slirp: tcp_listen(): Don't try to close() an fd we never opened 2017-02-26 15:39:29 +01:00
socket.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
tcp_input.c slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
tcp_output.c slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
tcp_subr.c Use #include "..." for our own headers, <...> for others 2016-07-12 16:19:16 +02:00
tcp_timer.c slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
tcp_timer.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
tcp_var.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
tcp.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
tcpip.h slirp, disas: Replace min/max with MIN/MAX macros 2016-12-20 23:55:19 +01:00
tftp.c slirp: tftp, copy sockaddr_size 2017-04-29 18:29:58 +02:00
tftp.h slirp: support dynamic block size for TFTP transfers 2016-12-21 00:02:15 +01:00
udp6.c slirp: Add support for stateless DHCPv6 2016-07-03 23:59:42 +02:00
udp.c slirp: Check qemu_socket() return value in udp_listen() 2017-02-26 15:38:38 +01:00
udp.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00