david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

slirp: fix CVE 2007-5729

Browse Source 
The emulated network cards in QEMU allows local users to execute arbitrary
code by writing Ethernet frames with a size larger than the slirp's default
MTU, which triggers a heap-based buffer overflow in the slirp library.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5920 c046a42c-6fe2-441c-8c8c-71466251a162
This commit is contained in:
aurel32 2008-12-07 18:15:23 +00:00
parent a810a2de17
commit e8e880a72e
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
slirp/slirp.c
View File

@ -654,6 +654,9 @@ void slirp_input(const uint8_t *pkt, int pkt_len)
if (!m)
return;
/* Note: we add to align the IP header */
if (M_FREEROOM(m) < pkt_len + 2) {
m_inc(m, pkt_len + 2);
}
m->m_len = pkt_len + 2;
memcpy(m->m_data + 2, pkt, pkt_len);