qemu-devel

Re: [Qemu-devel] [PATCH 2/2] linux-user: don't swap NLMSG_DATA() fields


From: Laurent Vivier
Subject: Re: [Qemu-devel] [PATCH 2/2] linux-user: don't swap NLMSG_DATA() fields
Date: Fri, 17 Jun 2016 00:09:51 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0


On 16/06/2016 at 23:09, Peter Maydell wrote:
> On 16 June 2016 at 20:01, Laurent Vivier <address@hidden> wrote:
>> If the structure pointed to by NLMSG_DATA() is bigger
>> than the size of NLMSG_DATA(), don't swap its fields
>> to avoid memory corruption.
>>
>> Signed-off-by: Laurent Vivier <address@hidden>
>> ---
> 
> Reviewed-by: Peter Maydell <address@hidden>
> 
> Can this actually happen in normal operation?

Yes, I've detected that while debugging "apt-get update" on Debian jessie with
qemu-s390x. This is the first call to netlink:

00 00 00 14     nlmsg_len=20
00 16           nlmsg_type=RTM_GETADDR
03 01           nlmsg_flags=0x0301
57 62 b7 fb     nlmsg_seq=0x5762b7fb
00 00 00 00     nlmsg_pid=0
00 00 00 00     NLMSG_DATA() = struct ifaddrmsg

struct ifaddrmsg {
        __u8            ifa_family;
        __u8            ifa_prefixlen;
        __u8            ifa_flags;
        __u8            ifa_scope;
        __u32           ifa_index;
};

Laurent
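
Added example, not part of the original message and not QEMU's code: a sketch of the length check the commit message describes, run against the message dumped above, where nlmsg_len=20 leaves 4 bytes of payload but struct ifaddrmsg is 8 bytes. The names nl_payload_len, swap_ifaddrmsg_checked, ifaddrmsg_ex and the canary bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NL_HDR_LEN 16u  /* sizeof(struct nlmsghdr); payload starts right after */
/* Same layout as the struct ifaddrmsg quoted above; the _ex name is this example's. */
struct ifaddrmsg_ex {
    uint8_t  ifa_family, ifa_prefixlen, ifa_flags, ifa_scope;
    uint32_t ifa_index;
};

/* Constructed sample: the 20 bytes from the dump, then 4 canary bytes that stand
 * in for whatever the guest keeps in memory after the message. */
static const uint8_t SAMPLE[24] = {
    0x00, 0x00, 0x00, 0x14,  0x00, 0x16,  0x03, 0x01,   /* len, type, flags */
    0x57, 0x62, 0xb7, 0xfb,  0x00, 0x00, 0x00, 0x00,    /* seq, pid */
    0x00, 0x00, 0x00, 0x00,                             /* 4 bytes of payload */
    0xde, 0xad, 0xbe, 0xef                              /* canary, not part of msg */
};

/* Payload bytes carried, or -1 if malformed; nlmsg_len is big-endian (s390x guest). */
long nl_payload_len(const uint8_t *msg, size_t buflen)
{
    if (buflen < NL_HDR_LEN) return -1;
    uint32_t len = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                   ((uint32_t)msg[2] << 8) | msg[3];
    if (len < NL_HDR_LEN || len > buflen) return -1;
    return (long)(len - NL_HDR_LEN);
}

/* Byte-swap ifa_index in place only when the payload holds the whole struct.
 * Returns 1 if swapped, 0 if skipped (payload too short), -1 if malformed. */
int swap_ifaddrmsg_checked(uint8_t *msg, size_t buflen)
{
    long plen = nl_payload_len(msg, buflen);
    if (plen < 0) return -1;
    if ((size_t)plen < sizeof(struct ifaddrmsg_ex)) return 0;
    uint8_t *p = msg + NL_HDR_LEN + offsetof(struct ifaddrmsg_ex, ifa_index);
    uint8_t t = p[0]; p[0] = p[3]; p[3] = t;
    t = p[1]; p[1] = p[2]; p[2] = t;
    return 1;
}

int main(void)
{
    uint8_t buf[sizeof SAMPLE];
    memcpy(buf, SAMPLE, sizeof buf);
    return swap_ifaddrmsg_checked(buf, sizeof buf) == 0 ? 0 : 1; /* 0: swap skipped */
}
```

Without the size comparison, the swap of ifa_index would rewrite the four bytes after the end of the 20-byte message, here the canary.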


