qemu/hw/net
Akihiko Odaki dd32b5ea7e hw/net/net_tx_pkt: Check the payload length
Check the payload length if checksumming to ensure the payload contains
the space for the resulting value.

This bug was found by Alexander Bulekov with the fuzzer:
https://patchew.org/QEMU/20230129053316.1071513-1-alxndr@bu.edu/

The fixed test case is:
fuzz/crash_6aeaa33e7211ecd603726c53e834df4c6d1e08bc

Fixes: e263cd49c7 ("Packet abstraction for VMWARE network devices")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2023-03-10 15:35:38 +08:00
..
can include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
fsl_etsec fsl_etsec: Use hw/net/mii.h 2023-03-10 15:35:38 +08:00
rocker rocker: Tweak stubbed out monitor commands' error messages 2023-02-23 14:10:17 +01:00
allwinner_emac.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00
allwinner-sun8i-emac.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00
cadence_gem.c Drop more useless casts from void * to pointer 2022-12-14 16:19:35 +01:00
dp8393x.c dp8393x: don't force 32-bit register access 2021-07-11 22:29:54 +02:00
e1000_regs.h e1000e: Introduce e1000_rx_desc_union 2023-03-10 15:35:38 +08:00
e1000.c e1000: Configure ResettableClass 2023-03-10 15:35:38 +08:00
e1000e_core.c e1000e: Perform software segmentation for loopback 2023-03-10 15:35:38 +08:00
e1000e_core.h e1000e: Remove pending interrupt flags 2023-03-10 15:35:38 +08:00
e1000e.c e1000e: Configure ResettableClass 2023-03-10 15:35:38 +08:00
e1000x_common.c e1000x: Alter the signature of e1000x_is_vlan_packet 2023-03-10 15:35:38 +08:00
e1000x_common.h e1000x: Alter the signature of e1000x_is_vlan_packet 2023-03-10 15:35:38 +08:00
eepro100.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
etraxfs_eth.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ftgmac100.c hw/net: Fix read of uninitialized memory in ftgmac100 2023-02-07 09:02:04 +01:00
i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
i82596.h hw/net: Make NetCanReceive() return a boolean 2020-03-31 21:14:35 +08:00
imx_fec.c hw/net: Fix read of uninitialized memory in imx_fec. 2023-01-05 15:33:00 +00:00
Kconfig hw: Include the VMWare devices only in the x86 targets 2022-12-15 15:19:24 +01:00
lan9118.c hw/net/lan9118: log [read|write]b when mode_16bit is enabled rather than abort 2023-02-17 13:31:33 +08:00
lance.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
lasi_i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
mcf_fec.c net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
meson.build rocker: Move HMP commands from monitor to hw/net/rocker/ 2023-02-04 07:56:54 +01:00
mipsnet.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
msf2-emac.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
mv88w8618_eth.c hw/net: Move MV88W8618 network device out of hw/arm/ directory 2022-01-20 11:47:52 +00:00
ne2000-isa.c hw/isa: Inline and remove one-line isa_init_irq() 2022-03-08 19:38:17 +01:00
ne2000-pci.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
ne2000.c net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
ne2000.h Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
net_rx_pkt.c e1000e: Perform software segmentation for loopback 2023-03-10 15:35:38 +08:00
net_rx_pkt.h e1000e: Perform software segmentation for loopback 2023-03-10 15:35:38 +08:00
net_tx_pkt.c hw/net/net_tx_pkt: Check the payload length 2023-03-10 15:35:38 +08:00
net_tx_pkt.h e1000e: Perform software segmentation for loopback 2023-03-10 15:35:38 +08:00
npcm7xx_emc.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
opencores_eth.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
pcnet-pci.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
pcnet.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00
pcnet.h net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
rtl8139.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
smc91c111.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
spapr_llan.c Do not include cpu.h if it's not really necessary 2021-05-02 17:24:51 +02:00
stellaris_enet.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
sungem.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
sunhme.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
trace-events hw/net/net_rx_pkt: Remove net_rx_pkt_has_virt_hdr 2023-03-10 15:35:38 +08:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
tulip.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
tulip.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
vhost_net-stub.c virtio-net: add support for configure interrupt 2023-01-08 01:54:22 -05:00
vhost_net.c virtio-net: add support for configure interrupt 2023-01-08 01:54:22 -05:00
virtio-net.c hw/net/net_rx_pkt: Remove net_rx_pkt_has_virt_hdr 2023-03-10 15:35:38 +08:00
vmware_utils.h hw/net/vmxnet3: Fix code to work on big endian hosts, too 2017-11-20 11:08:00 +08:00
vmxnet3_defs.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
vmxnet3.c hw/net/net_rx_pkt: Remove net_rx_pkt_has_virt_hdr 2023-03-10 15:35:38 +08:00
vmxnet3.h Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
vmxnet_debug.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
xen_nic.c hw/xen: Use XEN_PAGE_SIZE in PV backend drivers 2023-03-07 17:04:30 +00:00
xgmac.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
xilinx_axienet.c Drop duplicate #include 2023-02-08 07:28:05 +01:00
xilinx_ethlite.c bulk: Rename TARGET_FMT_plx -> HWADDR_FMT_plx 2023-01-18 11:14:34 +01:00