git.ipfire.org Git - thirdparty/qemu.git/commit
slirp: Fix heap overflow in ip_reass on big packet input
author Michael Roth <mdroth@linux.vnet.ibm.com>
Tue, 24 Sep 2019 15:35:09 +0000 (10:35 -0500)
committer Michael Roth <mdroth@linux.vnet.ibm.com>
Tue, 1 Oct 2019 22:00:56 +0000 (17:00 -0500)
commit 28c1dde9aa2a22724f81134035959d1a33a57690
tree 3fc5272410cfa0da36cf225993bad535d549977b
parent ab630a065a3344c84ec1b280696800fd62afda03
slirp: Fix heap overflow in ip_reass on big packet input

When the first fragment does not fit in the preallocated buffer, q will
already be pointing to the ext buffer, so we mustn't try to update it.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(from libslirp.git commit 126c04acbabd7ad32c2b018fe10dfac2a3bc1210)
(from libslirp.git commit e0be80430c390bce181ea04dfcdd6ea3dfa97de1)
*squash in e0be80 (clarifying comments)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
slirp/ip_input.c
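
The pointer fix-up the commit message describes, as an added, simplified model that is not code from this commit or from libslirp. The `buf` struct, `buf_reserve`, `reassemble` and all sizes are hypothetical; the model only shows why the rebase must be skipped when the data was already in the ext buffer before concatenation.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INLINE_SIZE 64 /* constructed sizes for this model */
#define HDR_OFF 8      /* where the tracked header pointer q sits in the data */

struct buf {                       /* hypothetical stand-in for a packet buffer */
    int is_ext;                    /* data lives in ext, not inline_data */
    char *ext;
    size_t ext_size;
    char inline_data[INLINE_SIZE];
};

/* Make room for `need` bytes; the first overflow of inline_data moves to ext. */
static int buf_reserve(struct buf *b, size_t need)
{
    if (need <= (b->is_ext ? b->ext_size : (size_t)INLINE_SIZE))
        return 0;
    if (b->is_ext)
        return -1;                 /* regrowing ext is outside this model */
    b->ext = malloc(need * 2);
    if (!b->ext)
        return -1;
    memcpy(b->ext, b->inline_data, INLINE_SIZE);
    b->ext_size = need * 2;
    b->is_ext = 1;
    return 0;
}

/* Returns q's offset from the start of the data after the fix-up.
 * HDR_OFF is the correct result; guarded=0 models rebasing unconditionally. */
static intptr_t reassemble(size_t first_len, size_t total_len, int guarded)
{
    struct buf b = {0};
    intptr_t off = -1;
    if (buf_reserve(&b, first_len) == 0) {
        uintptr_t q = (uintptr_t)(b.is_ext ? b.ext : b.inline_data) + HDR_OFF;
        int was_ext = b.is_ext;    /* state before concatenation */
        if (buf_reserve(&b, total_len) == 0) {
            if (b.is_ext && (!guarded || !was_ext))
                /* rebase: only valid if q pointed into inline_data */
                q = (uintptr_t)b.ext + (q - (uintptr_t)b.inline_data);
            off = (intptr_t)(q - (uintptr_t)(b.is_ext ? b.ext : b.inline_data));
        }
    }
    free(b.ext);
    return off;
}
```

Addresses are handled as `uintptr_t` so the unguarded case can be evaluated without dereferencing or forming the stray pointer.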