Blame SOURCES/0133-trim-arp-packets-with-abnormal-size.patch

a85e8e
From d11b2eb425d2125f67dd8d8e9b11d9be7d6f3f11 Mon Sep 17 00:00:00 2001
a85e8e
From: Paulo Flabiano Smorigo <pfsmorigo@br.ibm.com>
a85e8e
Date: Wed, 5 Feb 2014 09:42:42 -0200
a85e8e
Subject: [PATCH 133/260] trim arp packets with abnormal size
a85e8e
a85e8e
GRUB uses arp request to create the arp response. If the incoming packet
a85e8e
is foobared, GRUB needs to trim the arp response packet before sending it.
a85e8e
---
a85e8e
 grub-core/net/arp.c | 6 ++++++
a85e8e
 1 file changed, 6 insertions(+)
a85e8e
a85e8e
diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c
a85e8e
index d62d0cc1e..77581f4b2 100644
a85e8e
--- a/grub-core/net/arp.c
a85e8e
+++ b/grub-core/net/arp.c
a85e8e
@@ -162,6 +162,12 @@ grub_net_arp_receive (struct grub_net_buff *nb,
a85e8e
     if (grub_net_addr_cmp (&inf->address, &target_addr) == 0
a85e8e
 	&& grub_be_to_cpu16 (arp_header->op) == ARP_REQUEST)
a85e8e
       {
a85e8e
+        if ((nb->tail - nb->data) > 50)
a85e8e
+          {
a85e8e
+            grub_dprintf ("net", "arp packet with abnormal size (%ld bytes).\n",
a85e8e
+                         nb->tail - nb->data);
a85e8e
+            nb->tail = nb->data + 50;
a85e8e
+          }
a85e8e
 	grub_net_link_level_address_t target;
a85e8e
 	/* We've already checked that pln is either 4 or 16.  */
a85e8e
 	char tmp[16];
a85e8e
-- 
a85e8e
2.13.0
a85e8e