original_kernel/drivers/net/hyperv
Andrea Parri (Microsoft) 3946688edb hv_netvsc: Fix validation in netvsc_linkstatus_callback()
Contrary to the RNDIS protocol specification, certain (pre-Fe)
implementations of Hyper-V's vSwitch did not account for the status
buffer field in the length of an RNDIS packet; the bug was fixed in
newer implementations.  Validate the status buffer fields using the
length of the 'vmtransfer_page' packet (all implementations), that
is known/validated to be less than or equal to the receive section
size and not smaller than the length of the RNDIS message.

Reported-by: Dexuan Cui <decui@microsoft.com>
Suggested-by: Haiyang Zhang <haiyangz@microsoft.com>
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Fixes: 505e3f00c3 ("hv_netvsc: Add (more) validation for untrusted Hyper-V values")
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-01 15:30:52 -08:00
..
Kconfig
Makefile
hyperv_net.h hv_netvsc: Fix validation in netvsc_linkstatus_callback() 2021-03-01 15:30:52 -08:00
netvsc.c
netvsc_bpf.c
netvsc_drv.c hv_netvsc: Fix validation in netvsc_linkstatus_callback() 2021-03-01 15:30:52 -08:00
netvsc_trace.c
netvsc_trace.h
rndis_filter.c hv_netvsc: Fix validation in netvsc_linkstatus_callback() 2021-03-01 15:30:52 -08:00