Message ID | 20200319174050.759794-3-ppandit@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | net: tulip: add checks to avoid OOB access | expand |
On 3/19/20 6:40 PM, P J P wrote: > From: Prasad J Pandit <pjp@fedoraproject.org> > > Define .can_receive routine to do sanity checks before receiving > packet data. > > Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> > --- > hw/net/tulip.c | 15 ++++++++++++++- > 1 file changed, 14 insertions(+), 1 deletion(-) > > Update v3: define .can_receive routine > -> https://lists.gnu.org/archive/html/qemu-devel/2020-02/msg06275.html > > Update v5: fix a typo in commit log message > -> https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06209.html > > diff --git a/hw/net/tulip.c b/hw/net/tulip.c > index fbe40095da..757f12c710 100644 > --- a/hw/net/tulip.c > +++ b/hw/net/tulip.c > @@ -229,6 +229,18 @@ static bool tulip_filter_address(TULIPState *s, const uint8_t *addr) > return ret; > } > > +static int > +tulip_can_receive(NetClientState *nc) > +{ > + TULIPState *s = qemu_get_nic_opaque(nc); > + > + if (s->rx_frame_len || tulip_rx_stopped(s)) { > + return false; > + } > + > + return true; > +} > + > static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size) > { > struct tulip_descriptor desc; > @@ -236,7 +248,7 @@ static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size) > trace_tulip_receive(buf, size); > > if (size < 14 || size > sizeof(s->rx_frame) - 4 > - || s->rx_frame_len || tulip_rx_stopped(s)) { > + || !tulip_can_receive(s->nic->ncs)) { > return 0; > } > > @@ -288,6 +300,7 @@ static NetClientInfo net_tulip_info = { > .type = NET_CLIENT_DRIVER_NIC, > .size = sizeof(NICState), > .receive = tulip_receive_nc, > + .can_receive = tulip_can_receive, > }; > > static const char *tulip_reg_name(const hwaddr addr) > Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
diff --git a/hw/net/tulip.c b/hw/net/tulip.c
index fbe40095da..757f12c710 100644
--- a/hw/net/tulip.c
+++ b/hw/net/tulip.c
@@ -229,6 +229,18 @@ static bool tulip_filter_address(TULIPState *s, const uint8_t *addr)
 return ret;
 }
+static int
+tulip_can_receive(NetClientState *nc)
+{
+ TULIPState *s = qemu_get_nic_opaque(nc);
+
+ if (s->rx_frame_len || tulip_rx_stopped(s)) {
+ return false;
+ }
+
+ return true;
+}
+
 static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size)
 {
 struct tulip_descriptor desc;
@@ -236,7 +248,7 @@ static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size)
 trace_tulip_receive(buf, size);
 if (size < 14 || size > sizeof(s->rx_frame) - 4
- || s->rx_frame_len || tulip_rx_stopped(s)) {
+ || !tulip_can_receive(s->nic->ncs)) {
 return 0;
 }
@@ -288,6 +300,7 @@ static NetClientInfo net_tulip_info = {
 .type = NET_CLIENT_DRIVER_NIC,
 .size = sizeof(NICState),
 .receive = tulip_receive_nc,
+ .can_receive = tulip_can_receive,
 };
 static const char *tulip_reg_name(const hwaddr addr)
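Review bot: Once `tulip_can_receive()` returns false the net layer holds packets back, but nothing in this patch flushes that queue when `s->rx_frame_len` returns to zero or the receive process is restarted. QEMU's net core retries queued packets only when the device calls `qemu_flush_queued_packets()`, so unless code outside these hunks already does that, guest receive can stall after the first deferred frame. I would add `qemu_flush_queued_packets(qemu_get_queue(s->nic));` at the points where those two conditions clear; the same concern applies to the `.can_receive = tulip_can_receive` registration in the third hunk. Separately, the function is declared `static int` but returns `false`/`true`; `return !s->rx_frame_len && !tulip_rx_stopped(s);` would be shorter and keep the values consistent with the return type.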
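Review bot: The new condition `!tulip_can_receive(s->nic->ncs)` walks from `s` to its NetClientState only for the callee to map it straight back with `qemu_get_nic_opaque()`, and it reads NICState's `ncs` field directly rather than through the accessor. `|| !tulip_can_receive(qemu_get_queue(s->nic))) {` is the conventional spelling. Since the series is about avoiding out-of-bounds access, a one-line comment above the condition would help, for example `/* length bounds protect rx_frame; can_receive only reflects device state */`. The body of tulip_receive() continues outside this hunk, so how `size` is used after the check is not visible here.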