summaryrefslogtreecommitdiff
path: root/hw/smc91c111.c
diff options
context:
space:
mode:
authorReimar Döffinger <Reimar.Doeffinger@gmx.de>2009-08-20 12:34:22 +0200
committerAnthony Liguori <aliguori@us.ibm.com>2009-08-27 20:35:30 -0500
commit0b6939c4d1ac0ca6d7c5e52611713981a413cf86 (patch)
tree21bbfccd419644c35a743d587f47dc3faa5f59b8 /hw/smc91c111.c
parentff87765c291bb566a467e6b00f1bd5b661e0b1a6 (diff)
downloadqemu-0b6939c4d1ac0ca6d7c5e52611713981a413cf86.tar.gz
qemu-0b6939c4d1ac0ca6d7c5e52611713981a413cf86.tar.bz2
qemu-0b6939c4d1ac0ca6d7c5e52611713981a413cf86.zip
fix stack buffer overflows in eepro100.c tx
Hello, the real world issue is that the hardware allows sends up to 2600 bytes, and for some reason FreeBSD sometimes sends frames larger than the ethernet frame size (102+1460 is the maximum I have seen so far), overflowing the on-stack tx buffer of the driver. Independent of that, the code should avoid allowing the guest to overwrite the stack. This is a minimal patch to fix the issue (you could leave out the size change of the buf array as well, networking still seems to work either way). Obviously there are better ways to handle it, but a proper fix IMO would involve first getting rid of the code duplication and given the number of patches pending for that code I see no point in working on that now. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'hw/smc91c111.c')
0 files changed, 0 insertions, 0 deletions