VirtualBox

Ticket #11863: diff_nat_4_1

File diff_nat_4_1, 2.9 KB (added by Frank Mehnert, 11 years ago)

Patch for VBox 4.1.26 (included in VBox 4.1.28)

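Index: src/VBox/Devices/Network/DrvNAT.cpp
===================================================================
--- src/VBox/Devices/Network/DrvNAT.cpp (revision 87700)
+++ src/VBox/Devices/Network/DrvNAT.cpp (revision 87701)
@@ -60,6 +60,8 @@
 * Defined Constants And Macros *
 *******************************************************************************/
 
+#define DRVNAT_MAXFRAMESIZE (16 * 1024)
+
 /**
 * @todo: This is a bad hack to prevent freezing the guest during high network
 * activity. Windows host only. This needs to be fixed properly.
@@ -468,6 +470,16 @@
 return VERR_NO_MEMORY;
 if (!pGso)
 {
+ /*
+ * Drop the frame if it is too big.
+ */
+ if (cbMin >= DRVNAT_MAXFRAMESIZE)
+ {
+ Log(("drvNATNetowrkUp_AllocBuf: drops over-sized frame (%u bytes), returns VERR_INVALID_PARAMETER\n",
+ cbMin));
+ return VERR_INVALID_PARAMETER;
+ }
+
 pSgBuf->pvUser = NULL;
 pSgBuf->pvAllocator = slirp_ext_m_get(pThis->pNATState, cbMin,
 &pSgBuf->aSegs[0].pvSeg, &pSgBuf->aSegs[0].cbSeg);
@@ -479,6 +491,16 @@
 }
 else
 {
+ /*
+ * Drop the frame if its segment is too big.
+ */
+ if (pGso->cbHdrsTotal + pGso->cbMaxSeg >= DRVNAT_MAXFRAMESIZE)
+ {
+ Log(("drvNATNetowrkUp_AllocBuf: drops over-sized frame (%u bytes), returns VERR_INVALID_PARAMETER\n",
+ pGso->cbHdrsTotal + pGso->cbMaxSeg));
+ return VERR_INVALID_PARAMETER;
+ }
+
 pSgBuf->pvUser = RTMemDup(pGso, sizeof(*pGso));
 pSgBuf->pvAllocator = NULL;
 pSgBuf->aSegs[0].cbSeg = RT_ALIGN_Z(cbMin, 16);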
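Review bot: In the GSO branch the new check bounds only `pGso->cbHdrsTotal + pGso->cbMaxSeg`, while the buffer a few lines later is still sized from `cbMin` (`RT_ALIGN_Z(cbMin, 16)`), so that allocation stays unbounded unless a caller outside this hunk already limits it. If nothing upstream does, this branch needs its own ceiling on `cbMin`, e.g. `if (cbMin > <max GSO frame size>) return VERR_INVALID_PARAMETER;` (placeholder; the right limit is not visible here). Both messages go through `Log`, which as far as I know is compiled out of release builds, so a dropped guest frame would leave no trace there; a rate-limited release log entry would make such drops visible during triage. The function name in both strings is misspelled (`drvNATNetowrkUp_AllocBuf`), and the function itself starts and ends outside these hunks.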
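Index: src/VBox/Devices/Network/slirp/ip_icmp.c
===================================================================
--- src/VBox/Devices/Network/slirp/ip_icmp.c (revision 87700)
+++ src/VBox/Devices/Network/slirp/ip_icmp.c (revision 87701)
@@ -615,6 +615,7 @@
 register struct ip *ip;
 register struct icmp *icp;
 register struct mbuf *m;
+ int new_ip_size = 0;
 int new_m_size = 0;
 int size = 0;
 
@@ -657,7 +658,8 @@
 goto end_error;
 }
 
- new_m_size = sizeof(struct ip) + ICMP_MINLEN + msrc->m_len + ICMP_MAXDATALEN;
+ new_ip_size = sizeof(struct ip) + ICMP_MINLEN + ICMP_MAXDATALEN;
+ new_m_size = if_maxlinkhdr + new_ip_size;
 if (new_m_size < MSIZE)
 size = MCLBYTES;
 else if (new_m_size < MCLBYTES)
@@ -675,8 +677,8 @@
 m->m_data += if_maxlinkhdr;
 m->m_pkthdr.header = mtod(m, void *);
 
- memcpy(m->m_data, msrc->m_data, msrc->m_len);
- m->m_len = msrc->m_len; /* copy msrc to m */
+ m->m_len = msrc->m_len < new_ip_size ? msrc->m_len : new_ip_size;
+ memcpy(m->m_data, msrc->m_data, m->m_len); /* copy msrc to m */
 
 /* make the header of the reply packet */
 ip = mtod(m, struct ip *);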
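Review bot: The clamp `m->m_len = msrc->m_len < new_ip_size ? msrc->m_len : new_ip_size;` only bounds the copy from above, and the comparison is made against an `int`. If `m_len` is a signed field (its declaration is not in this hunk), a negative value would be selected and then converted to a very large length in `memcpy`. Rejecting that case before the mbuf is allocated, next to the existing early checks, would close it: `if (msrc->m_len < 0) goto end_error;`. A short comment on the clamp would also help, e.g. `/* m holds at most new_ip_size bytes after the link header; truncate the quoted packet to fit */`, since the reply header built below is now based on a possibly truncated copy. The function starts and ends outside these hunks, so later uses of length fields taken from the copied header could not be checked here.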
