netkvm.sys (RedHat virtio driver) BSoD on malformed IPv4 packet

[GoogleCodeExporter]

When running a Windows 7 x64 SP1 system in QEMU the virtio NIC (netkvm.sys) 
will fault with a malformed IPv4 packet where IHL is set to 6 (i.e. options are 
included for a total packet length > 20 bytes) but the total length field is 
set to 20 bytes. That is to say that the IPv4 packets starts with 0x46000014. 
PCAP PoC is attached.

reading from file singlepkt-crash.pcap, link-type EN10MB (Ethernet)
15:04:10.451386 IP bad-len 20
        0x0000:  4600 0014 c8c9 0000 1706 9991 00e2 eea4  F...............
        0x0010:  5103 0000 0000 0000 0000 0000 0000 0000  Q...............
        0x0020:  0000 0000 0000 0000 0000                 ..........

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by scvi...@google.com on 21 Nov 2014 at 10:02

Attachments:

• singlepkt-crash.pcap

[GoogleCodeExporter]

Original comment by scvi...@google.com on 7 Jan 2015 at 5:01

• Changed state: Fixed

[GoogleCodeExporter]

Original comment by scvi...@google.com on 8 Jan 2015 at 12:13

• Removed labels: Restrict-View-Commit

[GoogleCodeExporter]

Link to github page with fix: 
https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7
464b28eab89cc76252e6193ac1

Original comment by scvi...@google.com on 12 Jan 2015 at 6:09

[GoogleCodeExporter]

Original comment by scvi...@google.com on 13 Jan 2015 at 12:31

• Added labels: Reported-2014-Nov-21
• Removed labels: Reported-Nov-21