On Sat, Jan 19, 2013 at 09:54:27AM +0800, akong@xxxxxxxxxx wrote:
> @@ -350,6 +351,18 @@ static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
> struct virtio_net_ctrl_mac mac_data;
> size_t s;
>
> + if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
> + if (iov_size(iov, iov_cnt) != ETH_ALEN) {
> + return VIRTIO_NET_ERR;
> + }
> + s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
> + if (s != sizeof(n->mac)) {
> + return VIRTIO_NET_ERR;
> + }
Since iov_size() was checked before iov_to_buf(), we never hit this
error. And if we did n->mac would be trashed (i.e. error handling is
not complete).
I think assert(s == sizeof(n->mac)) is more appropriate appropriate.
Also, please change ETH_ALEN to sizeof(n->mac) to make the relationship
between the check and the copy clear.
Stefan
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
