Re: [Qemu-devel] [PATCH 2/2] linux-user: don't swap NLMSG_DATA() fields
From: Laurent Vivier
Subject: Re: [Qemu-devel] [PATCH 2/2] linux-user: don't swap NLMSG_DATA() fields
Date: Fri, 17 Jun 2016 00:09:51 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0
On 16/06/2016 at 23:09, Peter Maydell wrote:
> On 16 June 2016 at 20:01, Laurent Vivier <address@hidden> wrote:
>> If the structure pointed to by NLMSG_DATA() is bigger
>> than the size of NLMSG_DATA(), don't swap its fields
>> to avoid memory corruption.
>>
>> Signed-off-by: Laurent Vivier <address@hidden>
>> ---
>
> Reviewed-by: Peter Maydell <address@hidden>
>
> Can this actually happen in normal operation?
Yes, I detected it while debugging "apt-get update" on Debian jessie with
qemu-s390x. This is the first call to netlink:
00 00 00 14 nlmsg_len=20
00 16 nlmsg_type=RTM_GETADDR
03 01 nlmsg_flags=0x0301
57 62 b7 fb nlmsg_seq=0x5762b7fb
00 00 00 00 nlmsg_pid=0
00 00 00 00 NLMSG_DATA() = struct ifaddrmsg
struct ifaddrmsg {
    __u8  ifa_family;
    __u8  ifa_prefixlen;
    __u8  ifa_flags;
    __u8  ifa_scope;
    __u32 ifa_index;
};
Laurent
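Added example, not part of this mail or of the QEMU patch: a standalone C check of the condition Laurent describes, fed with the 20-byte RTM_GETADDR request quoted above. The nlmsghdr and ifaddrmsg definitions are local copies of the uapi layouts so the file builds without kernel headers; the guest is assumed to be big-endian (s390x, as in the report), so guest fields are read explicitly as big-endian instead of through QEMU's tswap helpers; and the 24-byte `full_getaddr` message, `swap_ifaddrmsg_if_complete` and `swap_copy` are names chosen for this example, not QEMU's. With nlmsg_len = 20 and a 16-byte header, NLMSG_DATA() covers only 4 bytes, so ifa_index (offset 4, 4 bytes) lies past the end of the message; the swap is therefore only done once the payload is at least sizeof(struct ifaddrmsg).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local copies of the uapi <linux/netlink.h> / <linux/if_addr.h> layouts
 * (same field order and sizes) so the example builds without those headers. */
struct nlmsghdr { uint32_t nlmsg_len; uint16_t nlmsg_type, nlmsg_flags;
                  uint32_t nlmsg_seq, nlmsg_pid; };
struct ifaddrmsg { uint8_t ifa_family, ifa_prefixlen, ifa_flags, ifa_scope;
                   uint32_t ifa_index; };   /* ifa_index: offset 4, 4 bytes */

#define NLMSG_ALIGN(len) (((len) + 3U) & ~3U)
#define NLMSG_HDRLEN     ((size_t) NLMSG_ALIGN(sizeof(struct nlmsghdr)))  /* 16 */

/* Assumption: big-endian guest (s390x as in the report), so guest fields are
 * read as big-endian explicitly, whatever the host byte order is. */
static uint32_t be32_at(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Convert the struct ifaddrmsg behind NLMSG_DATA() from guest to host byte
 * order in place, but only if the payload really holds a whole ifaddrmsg.
 * Returns 1 when swapped, 0 when the payload is too short (buffer untouched),
 * -1 when nlmsg_len is inconsistent with the header size or the buffer. */
int swap_ifaddrmsg_if_complete(uint8_t *buf, size_t buflen)
{
    if (buflen < NLMSG_HDRLEN)
        return -1;
    uint32_t nlmsg_len = be32_at(buf);
    if (nlmsg_len < NLMSG_HDRLEN || nlmsg_len > buflen)
        return -1;

    /* Bytes actually covered by NLMSG_DATA(): nlmsg_len minus the header. */
    size_t payload = nlmsg_len - NLMSG_HDRLEN;
    if (payload < sizeof(struct ifaddrmsg))
        return 0;   /* the report's case: 20 - 16 = 4, ifa_index is past the end */

    uint8_t *idx_p = buf + NLMSG_HDRLEN + offsetof(struct ifaddrmsg, ifa_index);
    /* ifa_family..ifa_scope are single bytes and need no swap; ifa_index is
     * rewritten in host order through memcpy to avoid an unaligned store. */
    uint32_t idx = be32_at(idx_p);
    memcpy(idx_p, &idx, sizeof idx);
    return 1;
}

/* Constructed from the bytes quoted in the mail: the 20-byte RTM_GETADDR
 * request, whose NLMSG_DATA() is only 4 bytes although ifaddrmsg is 8. */
static const uint8_t short_getaddr[20] = {
    0x00, 0x00, 0x00, 0x14,   /* nlmsg_len   = 20 */
    0x00, 0x16,               /* nlmsg_type  = RTM_GETADDR */
    0x03, 0x01,               /* nlmsg_flags = 0x0301 */
    0x57, 0x62, 0xb7, 0xfb,   /* nlmsg_seq */
    0x00, 0x00, 0x00, 0x00,   /* nlmsg_pid */
    0x00, 0x00, 0x00, 0x00    /* family, prefixlen, flags, scope: all the data there is */
};

/* Constructed counterpart (not from the mail): the same request with a full
 * 8-byte ifaddrmsg, ifa_family = 2 (AF_INET), ifa_index = 2 in guest order. */
static const uint8_t full_getaddr[24] = {
    0x00, 0x00, 0x00, 0x18,  0x00, 0x16,  0x03, 0x01,
    0x57, 0x62, 0xb7, 0xfb,  0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x02
};

/* Run the swap on a private copy of `src`; returns the result code and, when
 * swapped, the host-order ifa_index through *idx_out (UINT32_MAX otherwise). */
int swap_copy(const uint8_t *src, size_t len, uint32_t *idx_out)
{
    uint8_t copy[64];
    if (len > sizeof copy)
        return -1;
    memcpy(copy, src, len);
    int r = swap_ifaddrmsg_if_complete(copy, len);
    uint32_t idx = UINT32_MAX;
    if (r == 1)
        memcpy(&idx, copy + NLMSG_HDRLEN + offsetof(struct ifaddrmsg, ifa_index), sizeof idx);
    if (idx_out)
        *idx_out = idx;
    return r;
}

/* Host-order ifa_index after the swap, or UINT32_MAX if nothing was swapped. */
uint32_t host_index_after_swap(const uint8_t *src, size_t len)
{
    uint32_t idx;
    swap_copy(src, len, &idx);
    return idx;
}

int main(void)
{
    printf("20-byte RTM_GETADDR: result %d (payload too small, left untouched)\n",
           swap_copy(short_getaddr, sizeof short_getaddr, NULL));
    printf("24-byte RTM_GETADDR: result %d, ifa_index = %u\n",
           swap_copy(full_getaddr, sizeof full_getaddr, NULL),
           (unsigned) host_index_after_swap(full_getaddr, sizeof full_getaddr));
    return 0;
}
```

The point of the check is the comparison against the payload length rather than against nlmsg_len alone: a message can be a valid netlink header with nothing after it, and only the caller's knowledge of which struct it expects behind NLMSG_DATA() tells it whether the 4-byte ifa_index at offset 4 exists at all. The example also rejects an nlmsg_len larger than the buffer, which is the mirror image of the same overrun.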