Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
slirp: Fix heap overflow in ip_reass on big packet input
When the first fragment does not fit in the preallocated buffer, q will already be pointing to the ext buffer, so we mustn't try to update it. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> (from libslirp.git commit 126c04acbabd7ad32c2b018fe10dfac2a3bc1210) (from libslirp.git commit e0be80430c390bce181ea04dfcdd6ea3dfa97de1) *squash in e0be80 (clarifying comments) Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
- Loading branch information