win-pvdrivers

changeset 615:0436238bcda5

Fix a crash when an incorrectly formatted TCP packet is sent/forwarded by Dom0
author James Harper <james.harper@bendigoit.com.au>
date Sat Jul 18 09:24:52 2009 +1000 (2009-07-18)
parents 36221c314d54
children fd445db0c603
files xennet/xennet_common.c
line diff
     1.1 --- a/xennet/xennet_common.c	Wed Jul 15 20:05:36 2009 +1000
     1.2 +++ b/xennet/xennet_common.c	Sat Jul 18 09:24:52 2009 +1000
     1.3 @@ -181,6 +181,12 @@ XenNet_ParsePacketHeader(packet_info_t *
     1.4        return PARSE_TOO_SMALL;
     1.5      }
     1.6    }
     1.7 +  
     1.8 +  if ((ULONG)XN_HDR_SIZE + pi->ip4_length > pi->total_length)
     1.9 +  {
    1.10 +    KdPrint((__DRIVER_NAME "     XN_HDR_SIZE + ip4_length (%d) > total_length (%d)\n", XN_HDR_SIZE + pi->ip4_length, pi->total_length));
    1.11 +    return PARSE_UNKNOWN_TYPE;
    1.12 +  }
    1.13  
    1.14    pi->tcp_length = pi->ip4_length - pi->ip4_header_length - pi->tcp_header_length;
    1.15    pi->tcp_remaining = pi->tcp_length;