VirtualBox

Changeset 85146 in vbox


Ignore:
Timestamp:
Jul 9, 2020 10:20:38 AM (5 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
139093
Message:

Dev/E1000,PDM: (bugref:9764) disable UFO, UDP header checks, zero MSS handling.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/VBox/vmm/pdmnetinline.h

    r82968 r85146  
    542542        case PDMNETWORKGSOTYPE_IPV4_UDP:
    543543            if (iSeg == 0)
     544            {
     545                if (pGso->offHdr2 + sizeof(RTNETUDP::uh_ulen) > cbFrame)
     546                    return 0; /* Incomplete UDP header! */
     547                /* uh_ulen cannot exceed cbFrame - pGso->offHdr2 (offset of UDP header) */
     548                if ((unsigned)(pGso->offHdr2 + RT_BE2H_U16(((PCRTNETUDP)&pbFrame[pGso->offHdr2])->uh_ulen)) > cbFrame)
     549                    if (cbFrame > UINT16_MAX)
     550                        ((PRTNETUDP)&pbFrame[pGso->offHdr2])->uh_ulen = 0xFFFF;
     551                    else
     552                        ((PRTNETUDP)&pbFrame[pGso->offHdr2])->uh_ulen = RT_H2BE_U16((uint16_t)(cbFrame - pGso->offHdr2));
     553                Assert((unsigned)(pGso->offHdr2 + ((PCRTNETUDP)&pbFrame[pGso->offHdr2])->uh_ulen) <= cbFrame);
    544554                pdmNetGsoUpdateUdpHdrUfo(RTNetIPv4PseudoChecksum((PRTNETIPV4)&pbFrame[pGso->offHdr1]),
    545555                                         pbSegHdrs, pbFrame, pGso->offHdr2);
     556            }
    546557            pdmNetGsoUpdateIPv4HdrUfo(pbSegHdrs, pGso->offHdr1, cbSegPayload, iSeg * pGso->cbMaxSeg,
    547558                                      cbSegHdrs, iSeg + 1 == cSegs);

  • trunk/src/VBox/Devices/Network/DevE1000.cpp

    r83613 r85146  
    24742474        }
    24752475        else
     2476        {
    24762477            status.fVP = false; /* Set VP only if we stripped the tag */
     2478            memcpy(rxPacket, pvBuf, cb);
     2479        }
    24772480    }
    24782481    else
     
    36613664    pGso->offHdr2  = pCtx->tu.u8CSS;
    36623665    pGso->cbHdrsTotal = pCtx->dw3.u8HDRLEN;
    3663     pGso->cbMaxSeg = pCtx->dw3.u16MSS;
     3666    pGso->cbMaxSeg = pCtx->dw3.u16MSS + (pGso->u8Type == PDMNETWORKGSOTYPE_IPV4_UDP ? pGso->offHdr2 : 0);
    36643667    Assert(PDMNetGsoIsValid(pGso, sizeof(*pGso), pGso->cbMaxSeg * 5));
    36653668    E1kLog2(("e1kSetupGsoCtx: mss=%#x hdr=%#x hdrseg=%#x hdr1=%#x hdr2=%#x %s\n",
     
    46044607             pThis->szPrf, cbFragment, pThis->u16TxPktLen, pTxSg->cbUsed, pTxSg->cbAvailable,
    46054608             fGso ? "true" : "false"));
     4609    PCPDMNETWORKGSO pGso = (PCPDMNETWORKGSO)pTxSg->pvUser;
     4610    if (pGso)
     4611    {
     4612        if (RT_UNLIKELY(pGso->cbMaxSeg == 0))
     4613        {
     4614            E1kLog(("%s zero-sized fragments are not allowed\n", pThis->szPrf));
     4615            return false;
     4616        }
     4617        if (RT_UNLIKELY(pGso->u8Type == PDMNETWORKGSOTYPE_IPV4_UDP))
     4618        {
     4619            E1kLog(("%s UDP fragmentation is no longer supported\n", pThis->szPrf));
     4620            return false;
     4621        }
     4622    }
    46064623    if (RT_UNLIKELY( !fGso && cbNewPkt > E1K_MAX_TX_PKT_SIZE ))
    46074624    {
     
    52675284            default:
    52685285                AssertMsgFailed(("Impossible descriptor type!"));
     5286                continue;
    52695287        }
    52705288        if (pDesc->legacy.cmd.fEOP)
Note: See TracChangeset for help on using the changeset viewer.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette