| Message ID | 1550048953-18594-1-git-send-email-lirongqing@baidu.com |
|---|---|
| State | Rejected |
| Series | [ovs-dev] conntrack: force packet length check in extract_l3_ipv4 |
On Wed, Feb 13, 2019 at 1:10 AM Li RongQing <lirongqing@baidu.com> wrote: > Assure the packet size is larger than ip total length > > Signed-off-by: Li RongQing <lirongqing@baidu.com> > --- > lib/conntrack.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/lib/conntrack.c b/lib/conntrack.c > index 5c43410ec..4a39327b3 100644 > --- a/lib/conntrack.c > +++ b/lib/conntrack.c > @@ -1525,6 +1525,10 @@ extract_l3_ipv4(struct conn_key *key, const void > *data, size_t size, > return false; > } > > + if (OVS_UNLIKELY(size < ntohs(ip->ip_tot_len))) { > + return false; > + } > + > l3 'size' is a derived field from ip_tot_len > if (IP_IS_FRAGMENT(ip->ip_frag_off)) { > return false; > } > -- > 2.16.2 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
diff --git a/lib/conntrack.c b/lib/conntrack.c index 5c43410ec..4a39327b3 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -1525,6 +1525,10 @@ extract_l3_ipv4(struct conn_key *key, const void *data, size_t size, return false; } + if (OVS_UNLIKELY(size < ntohs(ip->ip_tot_len))) { + return false; + } + if (IP_IS_FRAGMENT(ip->ip_frag_off)) { return false; }
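Review bot: The added test in extract_l3_ipv4(), `size < ntohs(ip->ip_tot_len)`, has no comment, and the commit message names no caller that can pass a `size` shorter than the header's total length. The reply in this thread states that `size` is derived from ip_tot_len, and on such a path the condition can never be true. Either identify the call path where `size` comes from another source and say so in a comment above the check, or drop the hunk. The commit message wording should also match the code: the condition accepts `size == ip_tot_len`, so it enforces "at least the IP total length", not "larger than".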
Assure the packet size is larger than ip total length Signed-off-by: Li RongQing <lirongqing@baidu.com> --- lib/conntrack.c | 4 ++++ 1 file changed, 4 insertions(+)