mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-31 06:15:47 +00:00
Code Issues Releases Wiki Activity

flow: Add length check when retrieving TCP flags.

Browse Source 
When collecting TCP flags we check that the IP header indicates that
a TCP header is present but not that the packet is actually long
enough to contain the header.  This adds a check to prevent reading
off the end of the packet.

In practice, this is only likely to result in reading of bad data and
not a crash due to the presence of struct skb_shared_info at the end
of the packet.

Signed-off-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
This commit is contained in:
Jesse Gross
2012-03-23 13:14:51 -07:00
parent c1f15723c0
commit 9c47b45a3b
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/dpif-netdev.c
View File

@@ -976,7 +976,8 @@ dp_netdev_flow_used(struct dp_netdev_flow *flow, struct flow *key,
flow->used = time_msec();
flow->packet_count++;
flow->byte_count += packet->size;
if (key->dl_type == htons(ETH_TYPE_IP) && key->nw_proto == IPPROTO_TCP) {
if (key->dl_type == htons(ETH_TYPE_IP) &&
key->nw_proto == IPPROTO_TCP && packet->l7) {
struct tcp_header *th = packet->l4;
flow->tcp_ctl |= th->tcp_ctl;
}