From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001

From: Daniel Axtens <dja@axtens.net>

Date: Tue, 8 Mar 2022 23:47:46 +1100

Subject: [PATCH] net/netbuff: Block overly large netbuff allocs

A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment

reassembly.

This helps avoid some bugs (and provides a spot to instrument to catch

them at their source).

Signed-off-by: Daniel Axtens <dja@axtens.net>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

(cherry picked from commit ee9591103004cd13b4efadda671536090ca7fd57)

---

 grub-core/net/netbuff.c | 13 +++++++++++++

 1 file changed, 13 insertions(+)

diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c

index dbeeefe478..d5e9e9a0d7 100644

--- a/grub-core/net/netbuff.c

+++ b/grub-core/net/netbuff.c

@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len)

   COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0);

+  /*

+   * The largest size of a TCP packet is 64 KiB, and everything else

+   * should be a lot smaller - most MTUs are 1500 or less. Cap data

+   * size at 64 KiB + a buffer.

+   */

+  if (len > 0xffffUL + 0x1000UL)

+    {

+      grub_error (GRUB_ERR_BUG,

+                  "attempted to allocate a packet that is too big");

+      return NULL;

+    }

+

   if (len < NETBUFFMINLEN)

     len = NETBUFFMINLEN;

   len = ALIGN_UP (len, NETBUFF_ALIGN);

+

 #ifdef GRUB_MACHINE_EMU

   data = grub_malloc (len + sizeof (*nb));

 #else