[Slirp] [PATCH] slirp: ncsi: compute checksum for valid data length

[P J P]

From: Prasad J Pandit <pjp at fedoraproject.org>

'ncsi_calculate_checksum' computes an optional checksum value for
the ncsi response packet by reading the data as series of 2 byte
words. But it receives the data length in no of bytes. Fix the for
loop to run for half the iterations to compute checksum for valid
data bytes and avoid OOB access.

Reported-by: Xingwei Lin <linyi.lxw at antfin.com>
Signed-off-by: Prasad J Pandit <pjp at fedoraproject.org>
---
 src/ncsi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ncsi.c b/src/ncsi.c
index 6864b73..ddd980d 100644
--- a/src/ncsi.c
+++ b/src/ncsi.c
@@ -47,7 +47,7 @@ static uint32_t ncsi_calculate_checksum(uint16_t *data, int len)
      * 32-bit unsigned sum of the NC-SI packet header and NC-SI packet
      * payload interpreted as a series of 16-bit unsigned integer values.
      */
-    for (i = 0; i < len; i++) {
+    for (i = 0; i < len / 2; i++) {
         checksum += htons(data[i]);
     }
 
-- 
2.24.1