From: Jeremy Sowden <jeremy@azazel.net>
To: Jan Engelhardt <jengelh@inai.de>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>, kaskada@email.cz
Subject: [xtables-addons 1/4] xt_ipp2p: don't search haystack if it's empty
Date: Mon, 13 Sep 2021 10:20:48 +0100 [thread overview]
Message-ID: <20210913092051.79743-2-jeremy@azazel.net> (raw)
In-Reply-To: <20210913092051.79743-1-jeremy@azazel.net>
All the search functions have a positive minimum packet-length.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
extensions/xt_ipp2p.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c
index 8fb1b79bb414..4e0fbb675c76 100644
--- a/extensions/xt_ipp2p.c
+++ b/extensions/xt_ipp2p.c
@@ -842,14 +842,17 @@ ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par)
if (tcph->syn) return 0; /* if SYN bit is set bail out */
if (tcph->rst) return 0; /* if RST bit is set bail out */
- haystack += tcph->doff * 4; /* get TCP-Header-Size */
if (tcph->doff * 4 > hlen) {
if (info->debug)
pr_info("TCP header indicated packet larger than it is\n");
- hlen = 0;
- } else {
- hlen -= tcph->doff * 4;
+ return 0;
}
+ if (tcph->doff * 4 == hlen)
+ return 0;
+
+ haystack += tcph->doff * 4; /* get TCP-Header-Size */
+ hlen -= tcph->doff * 4;
+
while (matchlist[i].command) {
if ((info->cmd & matchlist[i].command) == matchlist[i].command &&
hlen > matchlist[i].packet_len)
@@ -875,14 +878,16 @@ ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct udphdr *udph = (const void *)ip + ip_hdrlen(skb);
- haystack += sizeof(*udph);
if (sizeof(*udph) > hlen) {
if (info->debug)
pr_info("UDP header indicated packet larger than it is\n");
- hlen = 0;
- } else {
- hlen -= sizeof(*udph);
+ return 0;
}
+ if (sizeof(*udph) == hlen)
+ return 0;
+
+ haystack += sizeof(*udph);
+ hlen -= sizeof(*udph);
while (udp_list[i].command) {
if ((info->cmd & udp_list[i].command) == udp_list[i].command &&
--
2.33.0
next prev parent reply other threads:[~2021-09-13 9:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-13 9:20 [xtables-addons 0/4] IPv6 support for xt_ipp2p Jeremy Sowden
2021-09-13 9:20 ` Jeremy Sowden [this message]
2021-09-13 9:20 ` [xtables-addons 2/4] xt_ipp2p: move the protocol-specific code out into separate functions Jeremy Sowden
2021-09-13 9:20 ` [xtables-addons 3/4] xt_ipp2p: move result printing code " Jeremy Sowden
2021-09-13 9:20 ` [xtables-addons 4/4] xt_ipp2p: add ipv6 support Jeremy Sowden
[not found] ` <1wg.aVMb.5l0xziYPqYA.1XFsCY@seznam.cz>
2021-09-13 14:55 ` [xtables-addons 0/4] IPv6 support for xt_ipp2p Jeremy Sowden
2021-09-13 17:19 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210913092051.79743-2-jeremy@azazel.net \
--to=jeremy@azazel.net \
--cc=jengelh@inai.de \
--cc=kaskada@email.cz \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).