You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 lines
1.5 KiB
47 lines
1.5 KiB
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
|
From: Daniel Axtens <dja@axtens.net> |
|
Date: Tue, 8 Mar 2022 23:47:46 +1100 |
|
Subject: [PATCH] net/netbuff: Block overly large netbuff allocs |
|
|
|
A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment |
|
reassembly. |
|
|
|
This helps avoid some bugs (and provides a spot to instrument to catch |
|
them at their source). |
|
|
|
Signed-off-by: Daniel Axtens <dja@axtens.net> |
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> |
|
(cherry picked from commit ee9591103004cd13b4efadda671536090ca7fd57) |
|
(cherry picked from commit acde668bb9d9fa862a1a63e3bbd5fa47fdfa9183) |
|
--- |
|
grub-core/net/netbuff.c | 13 +++++++++++++ |
|
1 file changed, 13 insertions(+) |
|
|
|
diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c |
|
index dbeeefe478..d5e9e9a0d7 100644 |
|
--- a/grub-core/net/netbuff.c |
|
+++ b/grub-core/net/netbuff.c |
|
@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len) |
|
|
|
COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0); |
|
|
|
+ /* |
|
+ * The largest size of a TCP packet is 64 KiB, and everything else |
|
+ * should be a lot smaller - most MTUs are 1500 or less. Cap data |
|
+ * size at 64 KiB + a buffer. |
|
+ */ |
|
+ if (len > 0xffffUL + 0x1000UL) |
|
+ { |
|
+ grub_error (GRUB_ERR_BUG, |
|
+ "attempted to allocate a packet that is too big"); |
|
+ return NULL; |
|
+ } |
|
+ |
|
if (len < NETBUFFMINLEN) |
|
len = NETBUFFMINLEN; |
|
|
|
len = ALIGN_UP (len, NETBUFF_ALIGN); |
|
+ |
|
#ifdef GRUB_MACHINE_EMU |
|
data = grub_malloc (len + sizeof (*nb)); |
|
#else
|
|
|