diff options
| author | Daniel Axtens <dja@axtens.net> | 2022-03-08 23:47:46 +1100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2022-06-08 12:41:03 +0200 |
| commit | 4ea64c827f8bc57180772fd5671ddd010cb7b2ed (patch) | |
| tree | 52dcc9e17eb2c278759b10c4d3d0fb42183111ae | |
| parent | 557370849b914110a9efbd7256dc3942a8af8b99 (diff) | |
net/netbuff: Block overly large netbuff allocs
A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment
reassembly.
This helps avoid some bugs (and provides a spot to instrument to catch
them at their source).
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
| -rw-r--r-- | grub-core/net/netbuff.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c index dbeeefe47..d5e9e9a0d 100644 --- a/grub-core/net/netbuff.c +++ b/grub-core/net/netbuff.c @@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len) COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0); + /* + * The largest size of a TCP packet is 64 KiB, and everything else + * should be a lot smaller - most MTUs are 1500 or less. Cap data + * size at 64 KiB + a buffer. + */ + if (len > 0xffffUL + 0x1000UL) + { + grub_error (GRUB_ERR_BUG, + "attempted to allocate a packet that is too big"); + return NULL; + } + if (len < NETBUFFMINLEN) len = NETBUFFMINLEN; len = ALIGN_UP (len, NETBUFF_ALIGN); + #ifdef GRUB_MACHINE_EMU data = grub_malloc (len + sizeof (*nb)); #else |