Date: Mon, 5 Sep 2016 03:39:04 +0000 (UTC) From: Sepherosa Ziehau <sephe@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r305407 - head/sys/dev/hyperv/netvsc Message-ID: <201609050339.u853d4Jh076541@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sephe Date: Mon Sep 5 03:39:04 2016 New Revision: 305407 URL: https://svnweb.freebsd.org/changeset/base/305407 Log: hyperv/hn: Stringent NVS notification length check. MFC after: 1 week Sponsored by: Microsoft Differential Revision: https://reviews.freebsd.org/D7753 Modified: head/sys/dev/hyperv/netvsc/hv_net_vsc.c Modified: head/sys/dev/hyperv/netvsc/hv_net_vsc.c ============================================================================== --- head/sys/dev/hyperv/netvsc/hv_net_vsc.c Mon Sep 5 03:37:28 2016 (r305406) +++ head/sys/dev/hyperv/netvsc/hv_net_vsc.c Mon Sep 5 03:39:04 2016 (r305407) @@ -816,7 +816,12 @@ hn_proc_notify(struct hn_softc *sc, cons { const struct hn_nvs_hdr *hdr; + if (VMBUS_CHANPKT_DATALEN(pkt) < sizeof(*hdr)) { + if_printf(sc->hn_ifp, "invalid nvs notify\n"); + return; + } hdr = VMBUS_CHANPKT_CONST_DATA(pkt); + if (hdr->nvs_type == HN_NVS_TYPE_TXTBL_NOTE) { /* Useless; ignore */ return;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201609050339.u853d4Jh076541>