From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 8 Mar 2022 23:47:46 +1100
Subject: [PATCH] net/netbuff: Block overly large netbuff allocs

A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment
reassembly.

This helps avoid some bugs (and provides a spot to instrument to catch
them at their source).

Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
(cherry picked from commit ee9591103004cd13b4efadda671536090ca7fd57)
(cherry picked from commit acde668bb9d9fa862a1a63e3bbd5fa47fdfa9183)
(cherry picked from commit e47ad2eb4fe38ef2bdcab52245286f31170e73e3)
---
 grub-core/net/netbuff.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/grub-core/net/netbuff.c b/grub-core/net/netbuff.c
index dbeeefe478..d5e9e9a0d7 100644
--- a/grub-core/net/netbuff.c
+++ b/grub-core/net/netbuff.c
@@ -79,10 +79,23 @@ grub_netbuff_alloc (grub_size_t len)
 
   COMPILE_TIME_ASSERT (NETBUFF_ALIGN % sizeof (grub_properly_aligned_t) == 0);
 
+  /*
+   * The largest size of a TCP packet is 64 KiB, and everything else
+   * should be a lot smaller - most MTUs are 1500 or less. Cap data
+   * size at 64 KiB + a buffer.
+   */
+  if (len > 0xffffUL + 0x1000UL)
+    {
+      grub_error (GRUB_ERR_BUG,
+                  "attempted to allocate a packet that is too big");
+      return NULL;
+    }
+
   if (len < NETBUFFMINLEN)
     len = NETBUFFMINLEN;
 
   len = ALIGN_UP (len, NETBUFF_ALIGN);
+
 #ifdef GRUB_MACHINE_EMU
   data = grub_malloc (len + sizeof (*nb));
 #else