diff options
author | Steven Noonan <steven@uplinklabs.net> | 2015-01-16 16:46:11 -0800 |
---|---|---|
committer | Mohamad Ayyash <mkayyash@google.com> | 2015-03-06 17:58:14 -0800 |
commit | 868902df131bcef342fb735b89027f6139d47c7f (patch) | |
tree | b866a72dc5053384baf401e5c7811700e795ee40 | |
parent | bf2d81692e9afaece1026702ad62433472739185 (diff) | |
download | fio-868902df131bcef342fb735b89027f6139d47c7f.tar.gz |
net: don't record/verify UDP sequence numbers if buffer is too small
This causes a bunch of out-of-bounds accesses if you have really small buffer
sizes (i.e. 16 bytes will crash).
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
Signed-off-by: Jens Axboe <axboe@fb.com>
-rw-r--r-- | engines/net.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/engines/net.c b/engines/net.c index 7a0fe696..cd195352 100644 --- a/engines/net.c +++ b/engines/net.c @@ -484,6 +484,9 @@ static void store_udp_seq(struct netio_data *nd, struct io_u *io_u) { struct udp_seq *us; + if (io_u->xfer_buflen < sizeof(*us)) + return; + us = io_u->xfer_buf + io_u->xfer_buflen - sizeof(*us); us->magic = cpu_to_le64((uint64_t) FIO_UDP_SEQ_MAGIC); us->bs = cpu_to_le64((uint64_t) io_u->xfer_buflen); @@ -496,6 +499,9 @@ static void verify_udp_seq(struct thread_data *td, struct netio_data *nd, struct udp_seq *us; uint64_t seq; + if (io_u->xfer_buflen < sizeof(*us)) + return; + if (nd->seq_off) return; |