git.ipfire.org Git - thirdparty/qemu.git/commit

author	Fam Zheng <famz@redhat.com>
	Fri, 14 Sep 2018 07:26:15 +0000 (15:26 +0800)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 21 Mar 2019 20:47:26 +0000 (15:47 -0500)
commit	70b8acfa0d496ccc796ab183581c98fd8574163e
tree	d7aa51cf51d291ebf6ae2b4b65c633e4aaa4da32	tree
parent	2f5c767a828db1e6757504264110b2a628cf0c2d	commit \| diff

slirp: Add sanity check for str option length

When user provides a long domainname or hostname that doesn't fit in the
DHCP packet, we mustn't overflow the response packet buffer. Instead,
report errors, following the g_warning() in the slirp->vdnssearch
branch.

Also check the strlen against 256 when initializing slirp, which limit
is also from the protocol where one byte represents the string length.
This gives an early error before the warning which is harder to notice
or diagnose.

Reported-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Fam Zheng <famz@redhat.com>
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
(cherry picked from commit 6e157a0339793bb081705f52318fc77afd10addf)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

net/slirp.c		diff \| blob \| blame \| history
slirp/bootp.c		diff \| blob \| blame \| history