net: don't record/verify UDP sequence numbers if buffer is too small This causes a bunch of out-of-bounds accesses if you have really small buffer sizes (i.e. 16 bytes will crash). Signed-off-by: Steven Noonan <steven@uplinklabs.net> Signed-off-by: Jens Axboe <axboe@fb.com>

commit: 868902df131bcef342fb735b89027f6139d47c7f [log] [tgz]
author: Steven Noonan <steven@uplinklabs.net> Fri Jan 16 16:46:11 2015 -0800
committer: Mohamad Ayyash <mkayyash@google.com> Fri Mar 06 17:58:14 2015 -0800
tree: b866a72dc5053384baf401e5c7811700e795ee40
parent: bf2d81692e9afaece1026702ad62433472739185 [diff]
diff --git a/engines/net.c b/engines/net.c
index 7a0fe69..cd19535 100644
--- a/engines/net.c
+++ b/engines/net.c

@@ -484,6 +484,9 @@
 {
 	struct udp_seq *us;
 
+	if (io_u->xfer_buflen < sizeof(*us))
+		return;
+
 	us = io_u->xfer_buf + io_u->xfer_buflen - sizeof(*us);
 	us->magic = cpu_to_le64((uint64_t) FIO_UDP_SEQ_MAGIC);
 	us->bs = cpu_to_le64((uint64_t) io_u->xfer_buflen);
@@ -496,6 +499,9 @@
 	struct udp_seq *us;
 	uint64_t seq;
 
+	if (io_u->xfer_buflen < sizeof(*us))
+		return;
+
 	if (nd->seq_off)
 		return;
commit	868902df131bcef342fb735b89027f6139d47c7f	[log] [tgz]
author	Steven Noonan <steven@uplinklabs.net>	Fri Jan 16 16:46:11 2015 -0800
committer	Mohamad Ayyash <mkayyash@google.com>	Fri Mar 06 17:58:14 2015 -0800
tree	b866a72dc5053384baf401e5c7811700e795ee40
parent	bf2d81692e9afaece1026702ad62433472739185 [diff]