
Changeset 100883 in vbox for trunk/src/VBox/Devices


Timestamp:
Aug 16, 2023 11:39:26 AM (16 months ago)
Author:
vboxsync
Message:

Devices/Network/DevVirtioNet: Fix support for VLANs due to wrong size and ID checks, ticketref:21778

File:
1 edited

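--- a/trunk/src/VBox/Devices/Network/DevVirtioNet.cpp
+++ b/trunk/src/VBox/Devices/Network/DevVirtioNet.cpp
@@ -2373,5 +2373,5 @@
         case VIRTIONET_CTRL_MQ_VQ_PAIRS_SET:
         {
-            size_t cbRemaining = pVirtqBuf->cbPhysSend - sizeof(*pCtrlPktHdr);
+            size_t cbRemaining = pVirtqBuf->cbPhysSend;
 
             AssertMsgReturn(cbRemaining > sizeof(cVirtqPairs),
@@ -2425,7 +2425,7 @@
 
     uint16_t uVlanId;
-    size_t cbRemaining = pVirtqBuf->cbPhysSend - sizeof(*pCtrlPktHdr);
-
-    AssertMsgReturn(cbRemaining > sizeof(uVlanId),
+    size_t cbRemaining = pVirtqBuf->cbPhysSend;
+
+    AssertMsgReturn(cbRemaining >= sizeof(uVlanId),
         ("DESC chain too small for VIRTIONET_CTRL_VLAN cmd processing"), VIRTIONET_ERROR);
 
@@ -2433,5 +2433,5 @@
     virtioCoreR3VirtqBufDrain(&pThis->Virtio, pVirtqBuf, &uVlanId, sizeof(uVlanId));
 
-    AssertMsgReturn(uVlanId > VIRTIONET_MAX_VLAN_ID,
+    AssertMsgReturn(uVlanId < VIRTIONET_MAX_VLAN_ID,
         ("%s VLAN ID out of range (VLAN ID=%u)\n", pThis->szInst, uVlanId), VIRTIONET_ERROR);
 
@@ -2492,10 +2492,8 @@
      * Allocate buffer and read in the control command
      */
-    AssertMsgReturnVoid(pVirtqBuf->cbPhysSend >= sizeof(VIRTIONET_CTRL_HDR_T),
-                        ("DESC chain too small for CTRL pkt header"));
-
     VIRTIONET_CTRL_HDR_T CtrlPktHdr; RT_ZERO(CtrlPktHdr);
-    virtioCoreR3VirtqBufDrain(&pThis->Virtio, pVirtqBuf, &CtrlPktHdr,
-                              RT_MIN(pVirtqBuf->cbPhysSend, sizeof(CtrlPktHdr)));
+    AssertLogRelMsgReturnVoid(pVirtqBuf->cbPhysSend >= sizeof(CtrlPktHdr),
+                              ("DESC chain too small for CTRL pkt header"));
+    virtioCoreR3VirtqBufDrain(&pThis->Virtio, pVirtqBuf, &CtrlPktHdr, sizeof(CtrlPktHdr));
 
     Log7Func(("[%s] CTRL COMMAND: class=%d command=%d\n", pThis->szInst, CtrlPktHdr.uClass, CtrlPktHdr.uCmd));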
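Review bot: The size check for VIRTIONET_CTRL_MQ_VQ_PAIRS_SET (new line 2377) still uses a strict `>` against `sizeof(cVirtqPairs)`, while the equivalent VLAN check at new line 2429 was relaxed to `>=` in this same change, so the two guards on the guest-supplied descriptor length now disagree. If `cbPhysSend` holds the bytes left after the control header was drained (which dropping the `- sizeof(*pCtrlPktHdr)` term implies, though the drain helper is not shown), an exactly sized payload is rejected there; I would change it to `AssertMsgReturn(cbRemaining >= sizeof(cVirtqPairs),`. Both `cbRemaining` assignments would benefit from a comment stating that invariant, e.g. `/* cbPhysSend is the unread remainder; the ctrl header has already been drained */`, because each check precedes a fixed-size drain of guest data and is only correct if that holds. Separately, whether `uVlanId < VIRTIONET_MAX_VLAN_ID` should be `<` or `<=` depends on the constant's definition and on the size of whatever the ID later indexes, neither of which is visible here. The enclosing functions of all four hunks start and end outside the visible lines.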
