* [B.A.T.M.A.N.] [PATCHv3 1/3] batman-adv: linearise the tt_response skb only if needed
@ 2011-10-16 18:32 Antonio Quartulli
2011-10-16 18:32 ` [B.A.T.M.A.N.] [PATCHv3 2/3] batman-adv: check for tt_reponse packet real length Antonio Quartulli
2011-10-24 13:53 ` [B.A.T.M.A.N.] [PATCHv3 1/3] batman-adv: linearise the tt_response skb only if needed Marek Lindner
0 siblings, 2 replies; 4+ messages in thread
From: Antonio Quartulli @ 2011-10-16 18:32 UTC (permalink / raw)
To: b.a.t.m.a.n
The TT_RESPONSE skb has to be linearised only if the node plans to access the
packet payload (so only if the message is directed to that node). In all the
other cases the node can avoid this memory operation
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
routing.c | 11 ++++++-----
1 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/routing.c b/routing.c
index 60ce407..e0e7b7b 100644
--- a/routing.c
+++ b/routing.c
@@ -616,13 +616,14 @@ int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if)
}
break;
case TT_RESPONSE:
- /* packet needs to be linearized to access the TT changes */
- if (skb_linearize(skb) < 0)
- goto out;
+ if (is_my_mac(tt_query->dst)) {
+ /* packet needs to be linearized to access the TT
+ * changes */
+ if (skb_linearize(skb) < 0)
+ goto out;
- if (is_my_mac(tt_query->dst))
handle_tt_response(bat_priv, tt_query);
- else {
+ } else {
bat_dbg(DBG_TT, bat_priv,
"Routing TT_RESPONSE to %pM [%c]\n",
tt_query->dst,
--
1.7.3.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [B.A.T.M.A.N.] [PATCHv3 2/3] batman-adv: check for tt_reponse packet real length
2011-10-16 18:32 [B.A.T.M.A.N.] [PATCHv3 1/3] batman-adv: linearise the tt_response skb only if needed Antonio Quartulli
@ 2011-10-16 18:32 ` Antonio Quartulli
2011-10-24 14:13 ` Marek Lindner
2011-10-24 13:53 ` [B.A.T.M.A.N.] [PATCHv3 1/3] batman-adv: linearise the tt_response skb only if needed Marek Lindner
1 sibling, 1 reply; 4+ messages in thread
From: Antonio Quartulli @ 2011-10-16 18:32 UTC (permalink / raw)
To: b.a.t.m.a.n
Before accessing the TT_RESPONSE packet payload, the node has to ensure that the
packet is long enough as it would expect to be.
Reported-by: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
routing.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/routing.c b/routing.c
index e0e7b7b..ef24a72 100644
--- a/routing.c
+++ b/routing.c
@@ -578,6 +578,7 @@ int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if)
{
struct bat_priv *bat_priv = netdev_priv(recv_if->soft_iface);
struct tt_query_packet *tt_query;
+ uint16_t tt_len;
struct ethhdr *ethhdr;
/* drop packet if it has not necessary minimum size */
@@ -622,6 +623,14 @@ int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if)
if (skb_linearize(skb) < 0)
goto out;
+ tt_len = tt_query->tt_data * sizeof(struct tt_change);
+
+ /* Ensure we have all the claimed data */
+ if (unlikely(skb_headlen(skb) <
+ sizeof(struct tt_query_packet) +
+ tt_len))
+ goto out;
+
handle_tt_response(bat_priv, tt_query);
} else {
bat_dbg(DBG_TT, bat_priv,
--
1.7.3.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCHv3 1/3] batman-adv: linearise the tt_response skb only if needed
2011-10-16 18:32 [B.A.T.M.A.N.] [PATCHv3 1/3] batman-adv: linearise the tt_response skb only if needed Antonio Quartulli
2011-10-16 18:32 ` [B.A.T.M.A.N.] [PATCHv3 2/3] batman-adv: check for tt_reponse packet real length Antonio Quartulli
@ 2011-10-24 13:53 ` Marek Lindner
1 sibling, 0 replies; 4+ messages in thread
From: Marek Lindner @ 2011-10-24 13:53 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
On Sunday, October 16, 2011 20:32:02 Antonio Quartulli wrote:
> The TT_RESPONSE skb has to be linearised only if the node plans to access
> the packet payload (so only if the message is directed to that node). In
> all the other cases the node can avoid this memory operation
Patch was applied in revision 7f1b2a0.
Thanks,
Marek
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCHv3 2/3] batman-adv: check for tt_reponse packet real length
2011-10-16 18:32 ` [B.A.T.M.A.N.] [PATCHv3 2/3] batman-adv: check for tt_reponse packet real length Antonio Quartulli
@ 2011-10-24 14:13 ` Marek Lindner
0 siblings, 0 replies; 4+ messages in thread
From: Marek Lindner @ 2011-10-24 14:13 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking
On Sunday, October 16, 2011 20:32:03 Antonio Quartulli wrote:
> Before accessing the TT_RESPONSE packet payload, the node has to ensure
> that the packet is long enough as it would expect to be.
Patch was applied in revision e096f38.
Thanks,
Marek
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-10-24 14:13 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-10-16 18:32 [B.A.T.M.A.N.] [PATCHv3 1/3] batman-adv: linearise the tt_response skb only if needed Antonio Quartulli
2011-10-16 18:32 ` [B.A.T.M.A.N.] [PATCHv3 2/3] batman-adv: check for tt_reponse packet real length Antonio Quartulli
2011-10-24 14:13 ` Marek Lindner
2011-10-24 13:53 ` [B.A.T.M.A.N.] [PATCHv3 1/3] batman-adv: linearise the tt_response skb only if needed Marek Lindner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox