[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1904954] Re: lan9118 bug peeking receive massage size not equal to
|
From: |
alfred gedeon |
|
Subject: |
[Bug 1904954] Re: lan9118 bug peeking receive massage size not equal to received message size |
|
Date: |
Fri, 20 Nov 2020 04:08:18 -0000 |
** Description changed:
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
+ Could also be a security bug, as the user could allocate a buffer of
+ size peeked data smaller than the actual packet received, which could
+ cause a buffer overflow and its attaks.
+
Thanks,
Alfred
** Description changed:
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Could also be a security bug, as the user could allocate a buffer of
size peeked data smaller than the actual packet received, which could
- cause a buffer overflow and its attaks.
+ cause a buffer overflow.
Thanks,
Alfred
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1904954
Title:
lan9118 bug peeking receive massage size not equal to received message
size
Status in QEMU:
New
Bug description:
peeked message size is not equal to read message size
Bug in the code at line:
https://github.com/qemu/qemu/blob/master/hw/net/lan9118.c#L1209
s->tx_status_fifo_head should be s->rx_status_fifo_head
Could also be a security bug, as the user could allocate a buffer of
size peeked data smaller than the actual packet received, which could
cause a buffer overflow.
Thanks,
Alfred
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1904954/+subscriptions