www.infradead.org Git - users/willy/xarray.git/commit

author	Andrea Parri (Microsoft) <parri.andrea@gmail.com>
	Mon, 1 Mar 2021 18:25:30 +0000 (19:25 +0100)
committer	David S. Miller <davem@davemloft.net>
	Mon, 1 Mar 2021 23:30:52 +0000 (15:30 -0800)
commit	3946688edbc5b629110c339b3babf10aa9e7adad
tree	b72e021c1b857c4407f941010280e78d6296b573	tree
parent	9200f515c41f4cbaeffd8fdd1d8b6373a18b1b67	commit \| diff

hv_netvsc: Fix validation in netvsc_linkstatus_callback()

Contrary to the RNDIS protocol specification, certain (pre-Fe)
implementations of Hyper-V's vSwitch did not account for the status
buffer field in the length of an RNDIS packet; the bug was fixed in
newer implementations. Validate the status buffer fields using the
length of the 'vmtransfer_page' packet (all implementations), that
is known/validated to be less than or equal to the receive section
size and not smaller than the length of the RNDIS message.

Reported-by: Dexuan Cui <decui@microsoft.com>
Suggested-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Fixes: 505e3f00c3f36 ("hv_netvsc: Add (more) validation for untrusted Hyper-V values")
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/hyperv/hyperv_net.h		diff \| blob \| history
drivers/net/hyperv/netvsc_drv.c		diff \| blob \| history
drivers/net/hyperv/rndis_filter.c		diff \| blob \| history