Diffstat (limited to 'src/VBox/HostDrivers')
10 files changed, 106 insertions, 30 deletions
diff --git a/src/VBox/HostDrivers/Support/SUPDrv.cpp b/src/VBox/HostDrivers/Support/SUPDrv.cpp index 59573a31..8c9ffccb 100644 --- a/src/VBox/HostDrivers/Support/SUPDrv.cpp +++ b/src/VBox/HostDrivers/Support/SUPDrv.cpp @@ -1847,6 +1847,7 @@ static int supdrvIOCtlInnerUnrestricted(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, { /* validate */ PSUPLDRLOAD pReq = (PSUPLDRLOAD)pReqHdr; + uint8_t const * const pbSrcImage = pReq->u.In.abImage; REQ_CHECK_EXPR(Name, pReq->Hdr.cbIn >= SUP_IOCTL_LDR_LOAD_SIZE_IN(32)); REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImageWithEverything), SUP_IOCTL_LDR_LOAD_SIZE_OUT); REQ_CHECK_EXPR_FMT( !pReq->u.In.cSymbols @@ -1875,14 +1876,14 @@ static int supdrvIOCtlInnerUnrestricted(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, if (pReq->u.In.cSymbols) { uint32_t i; - PSUPLDRSYM paSyms = (PSUPLDRSYM)&pReq->u.In.abImage[pReq->u.In.offSymbols]; + PSUPLDRSYM paSyms = (PSUPLDRSYM)(&pbSrcImage[pReq->u.In.offSymbols]); for (i = 0; i < pReq->u.In.cSymbols; i++) { REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImageWithEverything, ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImageWithEverything)); REQ_CHECK_EXPR_FMT(paSyms[i].offName < pReq->u.In.cbStrTab, ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithEverything)); - REQ_CHECK_EXPR_FMT(RTStrEnd((char const *)&pReq->u.In.abImage[pReq->u.In.offStrTab + paSyms[i].offName], + REQ_CHECK_EXPR_FMT(RTStrEnd((char const *)(&pbSrcImage[pReq->u.In.offStrTab + paSyms[i].offName]), pReq->u.In.cbStrTab - paSyms[i].offName), ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithEverything)); } 
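Review bot: The `pbSrcImage` alias added at the top of the SUP_IOCTL_LDR_LOAD validation has no comment saying why `abImage` is now read through a separate pointer, and the same uncommented alias recurs in the `@@ -1890`, `@@ -5548` and `@@ -5617` hunks. If the intent is to stop the compiler treating `abImage` as a fixed-size array when it is indexed with `offSymbols`, `offStrTab` and `offSegments` (an inference, since the declaration is not in this diff), say so once, e.g. `/* Index via a plain pointer: the real bound is cbImageWithEverything, not the declared size of abImage. */`. While this block is being touched, the `offName < cbStrTab` check prints `cbImageWithEverything` as its max, which misleads anyone reading the log of a rejected request. The case body starts and ends outside these hunks.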
@@ -1890,7 +1891,7 @@ static int supdrvIOCtlInnerUnrestricted(uintptr_t uIOCtl, PSUPDRVDEVEXT pDevExt, { uint32_t i; uint32_t offPrevEnd = 0; - PSUPLDRSEG paSegs = (PSUPLDRSEG)&pReq->u.In.abImage[pReq->u.In.offSegments]; + PSUPLDRSEG paSegs = (PSUPLDRSEG)(&pbSrcImage[pReq->u.In.offSegments]); for (i = 0; i < pReq->u.In.cSegments; i++) { REQ_CHECK_EXPR_FMT(paSegs[i].off < pReq->u.In.cbImageBits && !(paSegs[i].off & PAGE_OFFSET_MASK), @@ -5548,7 +5549,8 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, P pImage->cSegments = pReq->u.In.cSegments; { size_t cbSegments = pImage->cSegments * sizeof(SUPLDRSEG); - pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSegments], cbSegments); + uint8_t const * const pbSrcImage = pReq->u.In.abImage; + pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pbSrcImage[pReq->u.In.offSegments], cbSegments); if (pImage->paSegments) /* Align the last segment size to avoid upsetting RTR0MemObjProtect. */ /** @todo relax RTR0MemObjProtect */ pImage->paSegments[pImage->cSegments - 1].cb = RT_ALIGN_32(pImage->paSegments[pImage->cSegments - 1].cb, PAGE_SIZE); else @@ -5617,10 +5619,11 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, P */ if (!pImage->fNative) { + uint8_t const * const pbSrcImage = pReq->u.In.abImage; pImage->cbStrTab = pReq->u.In.cbStrTab; if (pImage->cbStrTab) { - pImage->pachStrTab = (char *)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offStrTab], pImage->cbStrTab); + pImage->pachStrTab = (char *)RTMemDup(&pbSrcImage[pReq->u.In.offStrTab], pImage->cbStrTab); if (!pImage->pachStrTab) rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for string table: %#x", pImage->cbStrTab); SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING); 
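Review bot: In the `@@ -5548` hunk, nothing re-checks that `offSegments + cbSegments` lies inside the request before `RTMemDup` reads from `pbSrcImage`. The copy appears to rely on the segment-table validation in supdrvIOCtlInnerUnrestricted, which is only partly visible in this diff. Because that buffer comes from the ioctl caller, state the dependency where the read happens, e.g. `/* offSegments/cSegments were bounds-checked against cbImageWithEverything by the SUP_IOCTL_LDR_LOAD validation. */`, ideally backed by an `Assert` on the same expression. The following `paSegments[pImage->cSegments - 1]` likewise assumes `cSegments` is non-zero, so confirm the validator rejects a zero count. supdrvIOCtl_LdrLoad starts and ends outside the hunk.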
@@ -5630,7 +5633,7 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDEVEXT pDevExt, PSUPDRVSESSION pSession, P if (RT_SUCCESS(rc) && pImage->cSymbols) { size_t cbSymbols = pImage->cSymbols * sizeof(SUPLDRSYM); - pImage->paSymbols = (PSUPLDRSYM)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSymbols], cbSymbols); + pImage->paSymbols = (PSUPLDRSYM)RTMemDup(&pbSrcImage[pReq->u.In.offSymbols], cbSymbols); if (!pImage->paSymbols) rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for symbol table: %#x", cbSymbols); SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING); diff --git a/src/VBox/HostDrivers/Support/SUPDrvTracer.cpp b/src/VBox/HostDrivers/Support/SUPDrvTracer.cpp index 7b25b5ce..9ea87201 100644 --- a/src/VBox/HostDrivers/Support/SUPDrvTracer.cpp +++ b/src/VBox/HostDrivers/Support/SUPDrvTracer.cpp @@ -55,6 +55,15 @@ #include <iprt/param.h> #include <iprt/uuid.h> +#if defined(RT_OS_LINUX) +# if RTLNX_VER_MIN(4,15,10) +# include <asm/nospec-branch.h> +# endif /* < 4.15.10 */ +# if RTLNX_VER_MIN(5,17,0) +# include <asm/linkage.h> +# endif /* < 5.17.0 */ +#endif /* !RT_OS_LINUX */ + /********************************************************************************************************************************* * Structures and Typedefs * @@ -96,7 +105,8 @@ typedef struct SUPDRVTPPROVIDER * tracer. */ bool fRegistered; /** The provider name (for logging purposes). */ - char szName[1]; + RT_FLEXIBLE_ARRAY_EXTENSION + char szName[RT_FLEXIBLE_ARRAY]; } SUPDRVTPPROVIDER; /** Pointer to the data for a tracepoint provider. */ typedef SUPDRVTPPROVIDER *PSUPDRVTPPROVIDER; @@ -161,7 +171,8 @@ typedef struct SUPDRVTRACERUMOD /** The number of probe locations. */ uint32_t cProbeLocs; /** Ring-0 probe location info. */ - SUPDRVPROBELOC aProbeLocs[1]; + RT_FLEXIBLE_ARRAY_EXTENSION + SUPDRVPROBELOC aProbeLocs[RT_FLEXIBLE_ARRAY]; } SUPDRVTRACERUMOD; /** Magic value for SUPDRVVTGCOPY. */ #define SUPDRVTRACERUMOD_MAGIC UINT32_C(0x00080486) 
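Review bot: In the `@@ -96` hunk, turning `szName[1]` into a flexible array member can remove the byte that used to hold the terminator from `sizeof(SUPDRVTPPROVIDER)`, depending on how `RT_FLEXIBLE_ARRAY` expands for the compiler. The allocation of this structure is not part of the diff. Any site that sizes it as the struct size plus the name length would then be one byte short, so confirm the allocations use an offset-based size such as `RT_UOFFSETOF_DYN(SUPDRVTPPROVIDER, szName[<name length> + 1])`. The same question applies to `aProbeLocs` in SUPDRVTRACERUMOD in the `@@ -161` hunk. A member comment such as `/** ... Allocation size must be computed with RT_UOFFSETOF_DYN, not sizeof. */` would stop later callers from reintroducing `sizeof`.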
@@ -1495,11 +1506,25 @@ SUPR0TracerFireProbe: \n\ # if defined(RT_ARCH_AMD64) __asm__("\ movq g_pfnSupdrvProbeFireKernel(%rip), %rax \n\ + " +# if defined(RT_OS_LINUX) +# if RTLNX_VER_MIN(4,15,10) + ANNOTATE_RETPOLINE_SAFE +# endif +# endif + " \n\ jmp *%rax \n\ "); # elif defined(RT_ARCH_X86) __asm__("\ movl g_pfnSupdrvProbeFireKernel, %eax \n\ + " +# if defined(RT_OS_LINUX) +# if RTLNX_VER_MIN(4,15,10) + ANNOTATE_RETPOLINE_SAFE +# endif +# endif + " \n\ jmp *%eax \n\ "); # else @@ -1511,8 +1536,20 @@ __asm__("\ .type supdrvTracerProbeFireStub,@function \n\ .global supdrvTracerProbeFireStub \n\ supdrvTracerProbeFireStub: \n\ - ret \n\ - .size supdrvTracerProbeFireStub, . - supdrvTracerProbeFireStub \n\ + " +# if defined(RT_OS_LINUX) +# if RTLNX_VER_MIN(5,17,0) + ASM_RET "\n\ + " +# else /* < 5.17.0 */ + "ret \n\ + " +# endif /* < 5.17.0 */ +# else /* !RT_OS_LINUX */ + "ret \n\ + " +# endif /* !RT_OS_LINUX */ + ".size supdrvTracerProbeFireStub, . - supdrvTracerProbeFireStub \n\ \n\ .previous \n\ "); diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp index 99b4278a..25c6b4c5 100644 --- a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp +++ b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp 
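Review bot: `ANNOTATE_RETPOLINE_SAFE` in the `@@ -1495` hunk only makes objtool accept the `jmp *%rax` / `jmp *%eax`; it does not route the branch through a retpoline thunk, and the hunk gives no reason why a raw indirect jump through `g_pfnSupdrvProbeFireKernel` is acceptable. Add a comment above the asm recording the justification, for example `/* g_pfnSupdrvProbeFireKernel is written only by this driver's tracer registration; annotated so objtool accepts the raw indirect jump. */`, with the wording checked against whoever writes that pointer, which is outside the hunk. In the `@@ -55` hunk the closing comments `/* < 4.15.10 */`, `/* < 5.17.0 */` and `/* !RT_OS_LINUX */` state the opposite of the conditions they close.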
@@ -1398,6 +1398,21 @@ static void supR3HardenedGetFullExePath(void) default: supR3HardenedFatal("supR3HardenedExecDir: Unknown program binary location: %#x\n", g_fSupHardenedMain); } + +#ifdef RTPATH_APP_PRIVATE_ARCH + /* + * If the location is fixed, do not continue if it is not correct. Binaries + * must not be allowed to be started from anywhere else. (@bugref{10626}) + */ + if (suplibHardenedStrCmp(g_szSupLibHardenedAppBinPath, RTPATH_APP_PRIVATE_ARCH) != 0) + supR3HardenedFatal("supR3HardenedExecDir: Invalid program binary location: %s (expected %s)\n", + g_szSupLibHardenedAppBinPath, RTPATH_APP_PRIVATE_ARCH); +# ifdef RT_OS_WINDOWS +# error "Didn't expect RTPATH_APP_PRIVATE_ARCH to be defined on Windows." +# endif +#elif defined(RT_OS_LINUX) || defined(RT_OS_FREEBSD) || defined(RT_OS_SOLARIS) || defined(RT_OS_DARWIN) +# error "Expected RTPATH_APP_PRIVATE_ARCH to be define on this host." +#endif } diff --git a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c index 2a77412c..6ce2a8d0 100644 --- a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c +++ b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c @@ -54,6 +54,7 @@ #include <VBox/err.h> #include <iprt/mem.h> #include <VBox/log.h> +#include <VBox/VBoxLnxModInline.h> #include <iprt/mp.h> /** @todo figure out the exact version number */ @@ -307,12 +308,12 @@ DECLINLINE(RTGID) vboxdrvLinuxKernGid(void) #ifdef VBOX_WITH_HARDENING -/** Get the effective UID within the current user namespace. */ -DECLINLINE(RTUID) vboxdrvLinuxEuidInNs(void) +/** Get the effective UID of the current process. */ +DECLINLINE(RTUID) vboxdrvLinuxEuid(void) { # if RTLNX_VER_MIN(2,6,29) # if RTLNX_VER_MIN(3,5,0) - return from_kuid(current_user_ns(), current->cred->euid); + return __kuid_val(current->cred->euid); # else return current->cred->euid; # endif 
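Review bot: The new check in supR3HardenedGetFullExePath compares `g_szSupLibHardenedAppBinPath` with `RTPATH_APP_PRIVATE_ARCH` byte for byte. It fails closed, but it would also reject a correct install whose path differs only in form, such as a trailing slash in the build-time define or a symlinked prefix that is resolved on one side only. How the executable path is derived is outside the hunk; if it is canonicalised, extend the comment with `The define must be the canonical directory without a trailing slash.` so packagers know the constraint. The second `#error` text should read "to be defined", and the Windows `#error` would read more naturally ahead of the runtime check than after it.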
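Review bot: In the `@@ -307` hunk, `__kuid_val(current->cred->euid)` reaches into the `kuid_t` representation and dereferences the cred pointer directly. The kernel accessors express the same initial-namespace test without either, e.g. `return from_kuid(&init_user_ns, current_euid());`. The new doc comment also drops the reason the namespace mapping was removed, which appears to be that a uid 0 existing only inside a user namespace must not pass the root check on the unrestricted device. Suggest `/** Get the effective UID of the current process in the initial user namespace, so namespace-local root is not treated as root. */`. The function's remaining `#else` branches are outside the hunk.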
@@ -332,6 +333,10 @@ static int __init VBoxDrvLinuxInit(void) { int rc; + /* Check if modue loading was disabled. */ + if (!vbox_mod_should_load()) + return -EINVAL; + #if RTLNX_VER_MIN(5,0,0) spin_lock_init(&g_supdrvLinuxWrapperModuleSpinlock); RTListInit(&g_supdrvLinuxWrapperModuleList); @@ -487,9 +492,9 @@ static int vboxdrvLinuxCreateCommon(struct inode *pInode, struct file *pFilp, bo * Only root is allowed to access the unrestricted device, enforce it! */ if ( fUnrestricted - && vboxdrvLinuxEuidInNs() != 0 /* root */ ) + && vboxdrvLinuxEuid() != 0 /* root */ ) { - Log(("VBoxDrvLinuxCreate: euid=%d, expected 0 (root)\n", vboxdrvLinuxEuidInNs())); + Log(("VBoxDrvLinuxCreate: euid=%d, expected 0 (root)\n", vboxdrvLinuxEuid())); return -EPERM; } #endif /* VBOX_WITH_HARDENING */ diff --git a/src/VBox/HostDrivers/Support/linux/files_vboxdrv b/src/VBox/HostDrivers/Support/linux/files_vboxdrv index cd8b214a..5fbf92a5 100755 --- a/src/VBox/HostDrivers/Support/linux/files_vboxdrv +++ b/src/VBox/HostDrivers/Support/linux/files_vboxdrv @@ -93,6 +93,7 @@ FILES_VBOXDRV_NOBIN=" \ ${PATH_ROOT}/include/VBox/types.h=>include/VBox/types.h \ ${PATH_ROOT}/include/VBox/SUPDrvMangling.h=>include/VBox/SUPDrvMangling.h \ ${PATH_ROOT}/include/VBox/VBoxTpG.h=>include/VBox/VBoxTpG.h \ + ${PATH_ROOT}/include/VBox/VBoxLnxModInline.h=>include/VBox/VBoxLnxModInline.h \ ${PATH_ROOT}/include/VBox/vmm/hm_vmx.h=>include/VBox/vmm/hm_vmx.h \ ${PATH_ROOT}/include/VBox/vmm/hm_svm.h=>include/VBox/vmm/hm_svm.h \ ${PATH_ROOT}/include/VBox/vmm/cpuidcall.h=>include/VBox/vmm/cpuidcall.h \ diff --git a/src/VBox/HostDrivers/VBoxNetAdp/linux/VBoxNetAdp-linux.c b/src/VBox/HostDrivers/VBoxNetAdp/linux/VBoxNetAdp-linux.c index 0654e1d7..bc827fe6 100644 --- a/src/VBox/HostDrivers/VBoxNetAdp/linux/VBoxNetAdp-linux.c +++ b/src/VBox/HostDrivers/VBoxNetAdp/linux/VBoxNetAdp-linux.c 
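Review bot: The early return added to VBoxDrvLinuxInit logs nothing, so a deliberately disabled module looks like a failed load with EINVAL unless `vbox_mod_should_load()` prints something itself. That helper lives in VBoxLnxModInline.h, which is not in this diff. If it does not log, add a line before the return such as `printk(KERN_INFO "vboxdrv: module loading disabled, not initialising\n");` (message text constructed here) so an operator can tell policy from breakage. The comment has a typo and should read `/* Check if module loading was disabled. */`. Both points apply equally to VBoxNetAdpLinuxInit (`@@ -529`) and VBoxNetFltLinuxInit (`@@ -273`).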
@@ -54,6 +54,7 @@ #include <iprt/initterm.h> #include <iprt/mem.h> #include <iprt/string.h> +#include <VBox/VBoxLnxModInline.h> /* #include <iprt/assert.h> @@ -529,6 +530,11 @@ int vboxNetAdpOsInit(PVBOXNETADP pThis) static int __init VBoxNetAdpLinuxInit(void) { int rc; + + /* Check if modue loading was disabled. */ + if (!vbox_mod_should_load()) + return -EINVAL; + /* * Initialize IPRT. */ diff --git a/src/VBox/HostDrivers/VBoxNetAdp/linux/files_vboxnetadp b/src/VBox/HostDrivers/VBoxNetAdp/linux/files_vboxnetadp index 3f028677..288f9b1e 100755 --- a/src/VBox/HostDrivers/VBoxNetAdp/linux/files_vboxnetadp +++ b/src/VBox/HostDrivers/VBoxNetAdp/linux/files_vboxnetadp @@ -86,6 +86,7 @@ VBOX_VBOXNETADP_SOURCES=" \ ${PATH_ROOT}/include/VBox/sup.h=>include/VBox/sup.h \ ${PATH_ROOT}/include/VBox/types.h=>include/VBox/types.h \ ${PATH_ROOT}/include/VBox/SUPDrvMangling.h=>include/VBox/SUPDrvMangling.h \ + ${PATH_ROOT}/include/VBox/VBoxLnxModInline.h=>include/VBox/VBoxLnxModInline.h \ ${PATH_ROOT}/src/VBox/HostDrivers/VBoxNetAdp/linux/VBoxNetAdp-linux.c=>linux/VBoxNetAdp-linux.c \ ${PATH_ROOT}/src/VBox/HostDrivers/VBoxNetAdp/VBoxNetAdp.c=>VBoxNetAdp.c \ ${PATH_ROOT}/src/VBox/HostDrivers/VBoxNetAdp/VBoxNetAdpInternal.h=>VBoxNetAdpInternal.h \ diff --git a/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c b/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c index eaf07e8c..85777fa1 100644 --- a/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c +++ b/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c @@ -73,6 +73,7 @@ #include <VBox/intnetinline.h> #include <VBox/vmm/pdmnetinline.h> #include <VBox/param.h> +#include <VBox/VBoxLnxModInline.h> #include <iprt/alloca.h> #include <iprt/assert.h> #include <iprt/spinlock.h> 
@@ -166,6 +167,17 @@ typedef struct VBOXNETFLTNOTIFIER *PVBOXNETFLTNOTIFIER; # endif #endif +#if RTLNX_VER_MIN(6,9,0) +# define VBOX_SKB_FRAG_LEN(_pFrag) ((_pFrag)->len) +# define VBOX_SKB_FRAG_OFFSET(_pFrag) ((_pFrag)->offset) +#elif RTLNX_VER_MIN(5,4,0) || RTLNX_SUSE_MAJ_PREREQ(15, 2) +# define VBOX_SKB_FRAG_LEN(_pFrag) ((_pFrag)->bv_len) +# define VBOX_SKB_FRAG_OFFSET(_pFrag) ((_pFrag)->bv_offset) +#else /* < KERNEL_VERSION(5, 4, 0) */ +# define VBOX_SKB_FRAG_LEN(_pFrag) ((_pFrag)->size) +# define VBOX_SKB_FRAG_OFFSET(_pFrag) ((_pFrag)->page_offset) +#endif /* > KERNEL_VERSION(6, 9, 0) */ + #if RTLNX_VER_MIN(3,20,0) || RTLNX_RHEL_RANGE(7,2, 8,0) || RTLNX_RHEL_RANGE(6,8, 7,0) # define VBOX_HAVE_SKB_VLAN #endif @@ -273,6 +285,11 @@ unsigned dev_get_flags(const struct net_device *dev) static int __init VBoxNetFltLinuxInit(void) { int rc; + + /* Check if modue loading was disabled. */ + if (!vbox_mod_should_load()) + return -EINVAL; + /* * Initialize IPRT. */ @@ -926,13 +943,8 @@ static void vboxNetFltLinuxSkBufToSG(PVBOXNETFLTINS pThis, struct sk_buff *pBuf, for (i = 0; i < skb_shinfo(pBuf)->nr_frags; i++) { skb_frag_t *pFrag = &skb_shinfo(pBuf)->frags[i]; -# if RTLNX_VER_MIN(5,4,0) || RTLNX_SUSE_MAJ_PREREQ(15, 2) - pSG->aSegs[iSeg].cb = pFrag->bv_len; - pSG->aSegs[iSeg].pv = VBOX_SKB_KMAP_FRAG(pFrag) + pFrag->bv_offset; -# else /* < KERNEL_VERSION(5, 4, 0) */ - pSG->aSegs[iSeg].cb = pFrag->size; - pSG->aSegs[iSeg].pv = VBOX_SKB_KMAP_FRAG(pFrag) + pFrag->page_offset; -# endif /* >= KERNEL_VERSION(5, 4, 0) */ + pSG->aSegs[iSeg].cb = VBOX_SKB_FRAG_LEN(pFrag); + pSG->aSegs[iSeg].pv = VBOX_SKB_KMAP_FRAG(pFrag) + VBOX_SKB_FRAG_OFFSET(pFrag); Log6((" %p", pSG->aSegs[iSeg].pv)); pSG->aSegs[iSeg++].Phys = NIL_RTHCPHYS; Assert(iSeg <= pSG->cSegsAlloc); 
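Review bot: The `VBOX_SKB_FRAG_LEN` / `VBOX_SKB_FRAG_OFFSET` macros in the `@@ -166` hunk add a third version branch for field names that the kernel already hides behind accessors. Using `skb_frag_size(pFrag)`, and `skb_frag_off(pFrag)` where the supported kernel range provides it, would avoid another branch the next time `skb_frag_t` changes layout. If the macros stay, the closing comment `/* > KERNEL_VERSION(6, 9, 0) */` sits on the `#endif` of a chain whose last branch is the pre-5.4 case; `/* RTLNX_VER_MIN(6,9,0) */` would be accurate. A one-line comment above the block naming what changed in 6.9 would also help.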
@@ -947,13 +959,8 @@ static void vboxNetFltLinuxSkBufToSG(PVBOXNETFLTINS pThis, struct sk_buff *pBuf, for (i = 0; i < skb_shinfo(pFragBuf)->nr_frags; i++) { skb_frag_t *pFrag = &skb_shinfo(pFragBuf)->frags[i]; -# if RTLNX_VER_MIN(5,4,0) || RTLNX_SUSE_MAJ_PREREQ(15, 2) - pSG->aSegs[iSeg].cb = pFrag->bv_len; - pSG->aSegs[iSeg].pv = VBOX_SKB_KMAP_FRAG(pFrag) + pFrag->bv_offset; -# else /* < KERNEL_VERSION(5, 4, 0) */ - pSG->aSegs[iSeg].cb = pFrag->size; - pSG->aSegs[iSeg].pv = VBOX_SKB_KMAP_FRAG(pFrag) + pFrag->page_offset; -# endif /* >= KERNEL_VERSION(5, 4, 0) */ + pSG->aSegs[iSeg].cb = VBOX_SKB_FRAG_LEN(pFrag); + pSG->aSegs[iSeg].pv = VBOX_SKB_KMAP_FRAG(pFrag) + VBOX_SKB_FRAG_OFFSET(pFrag); Log6((" %p", pSG->aSegs[iSeg].pv)); pSG->aSegs[iSeg++].Phys = NIL_RTHCPHYS; Assert(iSeg <= pSG->cSegsAlloc); diff --git a/src/VBox/HostDrivers/VBoxNetFlt/linux/files_vboxnetflt b/src/VBox/HostDrivers/VBoxNetFlt/linux/files_vboxnetflt index f2f8f1f4..bdff6ed2 100755 --- a/src/VBox/HostDrivers/VBoxNetFlt/linux/files_vboxnetflt +++ b/src/VBox/HostDrivers/VBoxNetFlt/linux/files_vboxnetflt @@ -88,6 +88,7 @@ VBOX_VBOXNETFLT_SOURCES=" \ ${PATH_ROOT}/include/VBox/sup.h=>include/VBox/sup.h \ ${PATH_ROOT}/include/VBox/types.h=>include/VBox/types.h \ ${PATH_ROOT}/include/VBox/SUPDrvMangling.h=>include/VBox/SUPDrvMangling.h \ + ${PATH_ROOT}/include/VBox/VBoxLnxModInline.h=>include/VBox/VBoxLnxModInline.h \ ${PATH_ROOT}/src/VBox/HostDrivers/VBoxNetFlt/linux/VBoxNetFlt-linux.c=>linux/VBoxNetFlt-linux.c \ ${PATH_ROOT}/src/VBox/HostDrivers/VBoxNetFlt/VBoxNetFlt.c=>VBoxNetFlt.c \ ${PATH_ROOT}/src/VBox/HostDrivers/VBoxNetFlt/VBoxNetFltInternal.h=>VBoxNetFltInternal.h \ diff --git a/src/VBox/HostDrivers/VBoxNetFlt/win/drv/VBoxNetFltRt-win.cpp b/src/VBox/HostDrivers/VBoxNetFlt/win/drv/VBoxNetFltRt-win.cpp index 44c7338c..5913697b 100644 --- a/src/VBox/HostDrivers/VBoxNetFlt/win/drv/VBoxNetFltRt-win.cpp +++ b/src/VBox/HostDrivers/VBoxNetFlt/win/drv/VBoxNetFltRt-win.cpp 
@@ -1141,7 +1141,7 @@ DECLHIDDEN(NDIS_STATUS) vboxNetFltWinAllocSG(UINT cbPacket, PINTNETSG *ppSG) * 1. SG_PACKET - with one aSegs pointing to * 2. buffer of cbPacket containing the entire packet */ AssertCompileSizeAlignment(INTNETSG, sizeof(PVOID)); - Status = vboxNetFltWinMemAlloc((PVOID*)&pSG, cbPacket + sizeof(INTNETSG)); + Status = vboxNetFltWinMemAlloc((PVOID*)&pSG, cbPacket + RT_UOFFSETOF_DYN(INTNETSG, aSegs[1])); if (Status == NDIS_STATUS_SUCCESS) { IntNetSgInitTemp(pSG, pSG + 1, cbPacket); |
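Review bot: The allocation size in vboxNetFltWinAllocSG is now derived from `RT_UOFFSETOF_DYN(INTNETSG, aSegs[1])`, but the packet buffer pointer on the next line is still `pSG + 1`, which advances by `sizeof(INTNETSG)`. The two agree only while `sizeof(INTNETSG)` equals that offset. If `aSegs` is or becomes a flexible array (its declaration is not in this diff), the buffer would overlap `aSegs[0]`. Deriving both from the same expression removes the coupling, e.g. `IntNetSgInitTemp(pSG, &pSG->aSegs[1], cbPacket);`. Separately, `cbPacket + RT_UOFFSETOF_DYN(...)` is not checked for wrap-around, and whether callers bound `cbPacket` is not visible here.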