
[src/trunk]: src - npf_fetch_tcpopts: fix off-by-one when validating TCP opti...



details:   https://anonhg.NetBSD.org/src/rev/48bddcadb842
branches:  trunk
changeset: 780366:48bddcadb842
user:      rmind <rmind%NetBSD.org@localhost>
date:      Sat Jul 21 17:11:01 2012 +0000

description:
- npf_fetch_tcpopts: fix off-by-one when validating TCP option length
  against the maximum allowed.
- npf_tcp_inwindow: be more liberal with npf_fetch_tcpopts().
- A few minor improvements to npftest.

diffstat:

 sys/net/npf/npf_inet.c                          |   6 +++---
 sys/net/npf/npf_state.c                         |   5 +++--
 sys/net/npf/npf_state_tcp.c                     |  20 +++++++++-----------
 usr.sbin/npf/npftest/libnpftest/npf_test_subr.c |   4 +++-
 usr.sbin/npf/npftest/npfstream.c                |  13 ++++++++-----
 5 files changed, 26 insertions(+), 22 deletions(-)

diffs (175 lines):

diff -r 519fd12d5d46 -r 48bddcadb842 sys/net/npf/npf_inet.c
--- a/sys/net/npf/npf_inet.c    Sat Jul 21 16:14:05 2012 +0000
+++ b/sys/net/npf/npf_inet.c    Sat Jul 21 17:11:01 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_inet.c,v 1.15 2012/07/19 21:52:29 spz Exp $        */
+/*     $NetBSD: npf_inet.c,v 1.16 2012/07/21 17:11:01 rmind Exp $      */
 
 /*-
  * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.15 2012/07/19 21:52:29 spz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.16 2012/07/21 17:11:01 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -277,7 +277,7 @@
                if (nbuf_advfetch(&nbuf, &n_ptr, 1, sizeof(val), &val)) {
                        return false;
                }
-               if (val < 2 || val >= topts_len) {
+               if (val < 2 || val > topts_len) {
                        return false;
                }
                topts_len -= val;
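Review bot: The corrected bound in `if (val < 2 || val > topts_len)` has no comment saying why equality is legal, which is exactly the detail the previous `>=` got wrong. A one-line comment above the check would guard against a regression: `/* Length counts the kind and length octets; an option may end exactly at the end of the option space. */`. The declarations of `val` and `topts_len` are outside the hunk, so it is worth confirming they share signedness so that the comparison and the following `topts_len -= val` cannot wrap. The enclosing loop of npf_fetch_tcpopts starts and ends outside the hunk.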
diff -r 519fd12d5d46 -r 48bddcadb842 sys/net/npf/npf_state.c
--- a/sys/net/npf/npf_state.c   Sat Jul 21 16:14:05 2012 +0000
+++ b/sys/net/npf/npf_state.c   Sat Jul 21 17:11:01 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_state.c,v 1.9 2012/07/01 23:21:06 rmind Exp $      */
+/*     $NetBSD: npf_state.c,v 1.10 2012/07/21 17:11:01 rmind Exp $     */
 
 /*-
  * Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_state.c,v 1.9 2012/07/01 23:21:06 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_state.c,v 1.10 2012/07/21 17:11:01 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -107,6 +107,7 @@
        default:
                ret = false;
        }
+       NPF_TCP_STATE_SAMPLE(nst, ret);
        return ret;
 }
 
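Review bot: `NPF_TCP_STATE_SAMPLE(nst, ret)` is added to the return path of the state inspection routine without a comment, and the commit description does not mention it. Its definition is not in this hunk; presumably it is a hook for npftest, in which case it should expand to nothing in a normal kernel build, and that is worth stating here, e.g. `/* Test hook: records the TCP state for npftest; no-op otherwise. */`. If it can be active in a production kernel, confirm it is safe under whatever locking is held at this point. The function begins outside the hunk.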
diff -r 519fd12d5d46 -r 48bddcadb842 sys/net/npf/npf_state_tcp.c
--- a/sys/net/npf/npf_state_tcp.c       Sat Jul 21 16:14:05 2012 +0000
+++ b/sys/net/npf/npf_state_tcp.c       Sat Jul 21 17:11:01 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_state_tcp.c,v 1.9 2012/07/15 00:23:00 rmind Exp $  */
+/*     $NetBSD: npf_state_tcp.c,v 1.10 2012/07/21 17:11:02 rmind Exp $ */
 
 /*-
  * Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.9 2012/07/15 00:23:00 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.10 2012/07/21 17:11:02 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -300,7 +300,7 @@
        const struct tcphdr * const th = &npc->npc_l4.tcp;
        const int tcpfl = th->th_flags;
        npf_tcpstate_t *fstate, *tstate;
-       int tcpdlen, wscale, ackskew;
+       int tcpdlen, ackskew;
        tcp_seq seq, ack, end;
        uint32_t win;
 
@@ -359,11 +359,9 @@
                 * Handle TCP Window Scaling (RFC 1323).  Both sides may
                 * send this option in their SYN packets.
                 */
-               if (npf_fetch_tcpopts(npc, nbuf, NULL, &wscale)) {
-                       fstate->nst_wscale = wscale;
-               } else {
-                       fstate->nst_wscale = 0;
-               }
+               fstate->nst_wscale = 0;
+               (void)npf_fetch_tcpopts(npc, nbuf, NULL, &fstate->nst_wscale);
+
                tstate->nst_wscale = 0;
 
                /* Done. */
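Review bot: Discarding the result of `npf_fetch_tcpopts()` means a window scale parsed before a later malformed option now stays in `fstate->nst_wscale`, where the old code reset it to 0 on failure; the same pattern recurs in the `TH_SYN` branch of the hunk at -377. That fits the "be more liberal" intent in the description, but it should be recorded next to the call, e.g. `/* Ignore parse failure: keep any window scale seen before the bad option. */`, since the value presumably feeds window validation for the connection. The hunk does not show whether npf_fetch_tcpopts clamps the shift count to the RFC 1323 maximum of 14, nor what type its last parameter expects now that it receives `&fstate->nst_wscale` rather than the `int` local; both are worth confirming. The enclosing function (npf_tcp_inwindow, going by the description) extends outside the hunk.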
@@ -377,12 +375,12 @@
                fstate->nst_end = end;
                fstate->nst_maxend = end + 1;
                fstate->nst_maxwin = win;
+               fstate->nst_wscale = 0;
 
                /* Handle TCP Window Scaling (must be ignored if no SYN). */
                if (tcpfl & TH_SYN) {
-                       fstate->nst_wscale =
-                           npf_fetch_tcpopts(npc, nbuf, NULL, &wscale) ?
-                           wscale : 0;
+                       (void)npf_fetch_tcpopts(npc, nbuf, NULL,
+                           &fstate->nst_wscale);
                }
        }
 
diff -r 519fd12d5d46 -r 48bddcadb842 usr.sbin/npf/npftest/libnpftest/npf_test_subr.c
--- a/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c   Sat Jul 21 16:14:05 2012 +0000
+++ b/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c   Sat Jul 21 17:11:01 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_test_subr.c,v 1.1 2012/05/30 21:38:04 rmind Exp $  */
+/*     $NetBSD: npf_test_subr.c,v 1.2 2012/07/21 17:11:02 rmind Exp $  */
 
 /*
  * NPF initialisation and handler routines.
@@ -65,10 +65,12 @@
        result[i++] = fstate->nst_end;
        result[i++] = fstate->nst_maxend;
        result[i++] = fstate->nst_maxwin;
+       result[i++] = fstate->nst_wscale;
 
        result[i++] = tstate->nst_end;
        result[i++] = tstate->nst_maxend;
        result[i++] = tstate->nst_maxwin;
+       result[i++] = tstate->nst_wscale;
 
        return 0;
 }
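Review bot: The two added `result[i++] = ...` stores grow what this function writes through `result`, but nothing visible here bounds `i` against the caller's buffer. The only thing keeping it in range is the matching `int64_t result[9]` to `result[11]` edit in npfstream.c. A shared constant for the element count, or a length parameter checked before the stores, would stop the two files drifting apart and the next added field overrunning the caller's stack array. The function's signature and its first stores are outside the hunk, so the total number of elements written cannot be checked from here.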
diff -r 519fd12d5d46 -r 48bddcadb842 usr.sbin/npf/npftest/npfstream.c
--- a/usr.sbin/npf/npftest/npfstream.c  Sat Jul 21 16:14:05 2012 +0000
+++ b/usr.sbin/npf/npftest/npfstream.c  Sat Jul 21 17:11:01 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npfstream.c,v 1.1 2012/05/30 21:38:04 rmind Exp $      */
+/*     $NetBSD: npfstream.c,v 1.2 2012/07/21 17:11:02 rmind Exp $      */
 
 /*
  * NPF stream processor.
@@ -67,7 +67,7 @@
        forw = (initial_ip.s_addr == ip->ip_src.s_addr);
        packetno = forw ? ++snd_packet_no : ++rcv_packet_no;
 
-       int64_t result[9];
+       int64_t result[11];
        memset(result, 0, sizeof(result));
 
        len = ntohs(ip->ip_len);
@@ -76,7 +76,7 @@
        fprintf(fp, "%s%2x %5d %3d %11u %11u %11u %11u %12lx",
            forw ? ">" : "<", (th->th_flags & (TH_SYN | TH_ACK | TH_FIN)),
            packetno, error, (u_int)seq, (u_int)ntohl(th->th_ack),
-           (u_int)(seq + tcpdlen), ntohs(th->th_win), (uintptr_t)result[0]);
+           tcpdlen, ntohs(th->th_win), (uintptr_t)result[0]);
 
        for (unsigned i = 1; i < __arraycount(result); i++) {
                fprintf(fp, "%11" PRIu64 " ", result[i]);
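Review bot: `tcpdlen` is now passed bare for the `%11u` conversion, where the old argument was cast to `u_int`; its declaration is outside the hunk, and if it is a signed `int` the specifier no longer matches the argument. Either `(u_int)tcpdlen` or `%11d` would make it exact. On the same line `(uintptr_t)result[0]` is printed with `%12lx`, which only matches where `uintptr_t` is `unsigned long`; `"%12" PRIxPTR` is the portable form. The function body starts and ends outside the hunk.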
@@ -101,9 +101,12 @@
        if (fp == NULL) {
                err(EXIT_FAILURE, "fopen");
        }
-       fprintf(fp, "#   %5s %3s %11s %11s %11s %11s %11s %11s %11s\n",
+       fprintf(fp, "#FL %5s %3s %11s %11s %11s %11s %11s %11s %11s "
+           "%11s %11s %11s %5s %11s %11s %11s %5s\n",
            "No", "Err", "Seq", "Ack", "TCP Len", "Win",
-           "Stream", "RetVal", "State");
+           "Stream", "RetVal", "State",
+           "F.END", "F.MAXEND", "F.MAXWIN", "F.WSC",
+           "T.END", "T.MAXEND", "T.MAXWIN", "T.WSC");
        while (pcap_next_ex(pcap, &phdr, &data) > 0) {
                if (phdr->len != phdr->caplen) {
                        warnx("process_stream: truncated packet");
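Review bot: The new header gives the `F.WSC` and `T.WSC` columns `%5s`, but the per-packet loop in the hunk at -76 prints every `result[i]` with `"%11" PRIu64 " "`, so the headings will not sit over their values from `F.WSC` onward. Using `%11s` for those two headings, or printing the two scale fields with width 5, keeps the table aligned. The function body continues outside the hunk.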


