X-Git-Url: http://v3vee.org/palacios/gitweb/gitweb.cgi?a=blobdiff_plain;f=linux_module%2Fiface-keyed-stream.c;h=99524e1b459e5eee235c752b982d53a71bc48ebd;hb=a5d2c00cc461b4a60a1360a2a0bba55cef467bab;hp=365a9c73544aeacc48448071b83fdaa63a088ffe;hpb=d22c11cec4e8c3390bfe6bf16ed07f5d073f0d4a;p=palacios.git

diff --git a/linux_module/iface-keyed-stream.c b/linux_module/iface-keyed-stream.c
index 365a9c7..99524e1 100644
--- a/linux_module/iface-keyed-stream.c
+++ b/linux_module/iface-keyed-stream.c
@@ -1853,6 +1853,7 @@ static long keyed_stream_ioctl_user(struct file * filp, unsigned int ioctl, unsi
             return -EFAULT;
         }
 
+	// overflow possible here for very large request
 	if (resize_op(&(s->op),size-sizeof(struct palacios_user_keyed_stream_op))) {
 	    ERROR("unable to resize op in user key push response\n");
             palacios_spinlock_unlock_irqrestore(&(s->lock), flags);
@@ -1934,6 +1935,7 @@ int keyed_stream_connect_user(struct v3_guest *guest, unsigned int cmd, unsigned
 	return -1;
     }
 
+    // overflow possible here, but only if this is a huge guest request (>4GB)
     url = palacios_alloc(len);
     
     if (!url) { 
@@ -2780,7 +2782,7 @@ static sint64_t write_key_net(v3_keyed_stream_t stream, v3_keyed_stream_key_t ke
 	    ERROR("Could not send tag length in write_key_net\n");
 	    return -1;
 	} 
-	if (send_msg(nks->ns,tag,taglen)!=len) { 
+	if (send_msg(nks->ns,tag,taglen)!=taglen) { 
 	    ERROR("Could not send tag in write_key_net\n");
 	    return -1;
 	}