Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
udp: validate input data length
[vpp.git]
/
src
/
vnet
/
udp
/
udp_input.c
diff --git
a/src/vnet/udp/udp_input.c
b/src/vnet/udp/udp_input.c
index
bd4e757
..
453e123
100644
(file)
--- a/
src/vnet/udp/udp_input.c
+++ b/
src/vnet/udp/udp_input.c
@@
-89,7
+89,7
@@
udp46_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
while (n_left_from > 0)
{
while (n_left_from > 0)
{
- u32 bi0, fib_index0;
+ u32 bi0, fib_index0
, data_len
;
vlib_buffer_t *b0;
u32 error0 = UDP_ERROR_ENQUEUED;
udp_header_t *udp0;
vlib_buffer_t *b0;
u32 error0 = UDP_ERROR_ENQUEUED;
udp_header_t *udp0;
@@
-125,7
+125,8
@@
udp46_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
udp0->src_port, TRANSPORT_PROTO_UDP);
lcl_addr = &ip40->dst_address;
rmt_addr = &ip40->src_address;
udp0->src_port, TRANSPORT_PROTO_UDP);
lcl_addr = &ip40->dst_address;
rmt_addr = &ip40->src_address;
-
+ data_len = clib_net_to_host_u16 (ip40->length);
+ data_len -= sizeof (ip4_header_t) + sizeof (udp_header_t);
}
else
{
}
else
{
@@
-135,6
+136,8
@@
udp46_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
udp0->src_port, TRANSPORT_PROTO_UDP);
lcl_addr = &ip60->dst_address;
rmt_addr = &ip60->src_address;
udp0->src_port, TRANSPORT_PROTO_UDP);
lcl_addr = &ip60->dst_address;
rmt_addr = &ip60->src_address;
+ data_len = clib_net_to_host_u16 (ip60->payload_length);
+ data_len -= sizeof (udp_header_t);
}
if (PREDICT_FALSE (!s0))
}
if (PREDICT_FALSE (!s0))
@@
-228,12
+231,12
@@
udp46_input_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
if (svm_fifo_max_enqueue_prod (s0->rx_fifo)
if (svm_fifo_max_enqueue_prod (s0->rx_fifo)
- <
b0->current_length
+ sizeof (session_dgram_hdr_t))
+ <
data_len
+ sizeof (session_dgram_hdr_t))
{
error0 = UDP_ERROR_FIFO_FULL;
goto trace0;
}
{
error0 = UDP_ERROR_FIFO_FULL;
goto trace0;
}
- hdr0.data_length = b0->current_length;
+ hdr0.data_length = b0->current_length
= data_len
;
hdr0.data_offset = 0;
ip_set (&hdr0.lcl_ip, lcl_addr, is_ip4);
ip_set (&hdr0.rmt_ip, rmt_addr, is_ip4);
hdr0.data_offset = 0;
ip_set (&hdr0.lcl_ip, lcl_addr, is_ip4);
ip_set (&hdr0.rmt_ip, rmt_addr, is_ip4);