mirror/xdp-project-bpf-examples
1
0
Fork 0
mirror of https://github.com/xdp-project/bpf-examples.git synced 2024-05-06 15:54:53 +00:00
Code Issues Projects Releases Wiki Activity

pping: Verify opt_size is valid when parsing TCP options

Browse Source 
Add a check that opt_size is at least 2 in
pping_helpers.h/prase_tcp_ts, otherwise terminate the loop
unsucessfully. Only check the lower bound of opt_size, the upper
bound will be checked in the first step of the next loop iteration
anyways.

Signed-off-by: Simon Sundberg <simon.sundberg@kau.se>
This commit is contained in:
Simon Sundberg
2021-03-30 19:34:48 +02:00
parent 48c25735ac
commit f26f03a8ce
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pping/pping_helpers.h
View File

@ -98,6 +98,8 @@ static int parse_tcp_ts(struct tcphdr *tcph, void *data_end, __u32 *tsval,
if (pos + 2 > opt_end || pos + 2 > data_end) if (pos + 2 > opt_end || pos + 2 > data_end)
return -1; return -1;
opt_size = *(pos + 1); opt_size = *(pos + 1);
if (opt_size < 2) // Stop parsing options if opt_size has an invalid value
return -1;
// Option-kind is TCP timestap (yey!) // Option-kind is TCP timestap (yey!)
if (opt == 8 && opt_size == 10) { if (opt == 8 && opt_size == 10) {