=== modified file 'uspace/srv/net/inetsrv/pdu.c'
|
|
|
|
| 105 | 105 | size_t offs, size_t mtu, void **rdata, size_t *rsize, size_t *roffs) |
| 106 | 106 | { |
| 107 | 107 | /* Upper bound for fragment offset field */ |
| 108 | | size_t fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l |
| | 108 | size_t fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l+1); |
| 109 | 109 | |
| 110 | 110 | /* Verify that total size of datagram is within reasonable bounds */ |
| 111 | | if (offs + packet->size > FRAG_OFFS_UNIT * fragoff_limit) |
| | 111 | if ( packet->size > FRAG_OFFS_UNIT * fragoff_limit) |
| 112 | 112 | return ELIMIT; |
| 113 | 113 | |
| 114 | 114 | size_t hdr_size = sizeof(ip_header_t); |
=== modified file 'uspace/srv/net/inetsrv/reass.c'
|
|
|
|
| 54 | 54 | link_t map_link; |
| 55 | 55 | /** List of fragments, @c reass_frag_t */ |
| 56 | 56 | list_t frags; |
| | 57 | void *data; |
| 57 | 58 | } reass_dgram_t; |
| 58 | 59 | |
| 59 | 60 | /** One datagram fragment */ |
| … |
… |
|
| 84 | 85 | { |
| 85 | 86 | reass_dgram_t *rdg; |
| 86 | 87 | int rc; |
| 87 | | |
| 88 | 88 | log_msg(LOG_DEFAULT, LVL_DEBUG, "inet_reass_queue_packet()"); |
| 89 | 89 | |
| 90 | 90 | fibril_mutex_lock(&reass_dgram_map_lock); |
| … |
… |
|
| 102 | 102 | rc = reass_dgram_insert_frag(rdg, packet); |
| 103 | 103 | if (rc != EOK) |
| 104 | 104 | return ENOMEM; |
| 105 | | |
| | 105 | |
| 106 | 106 | /* Check if datagram is complete */ |
| 107 | 107 | if (reass_dgram_complete(rdg)) { |
| 108 | 108 | /* Remove it from the map */ |
| … |
… |
|
| 197 | 197 | |
| 198 | 198 | frag->packet = *packet; |
| 199 | 199 | frag->packet.data = data_copy; |
| | 200 | memcpy(data_copy, packet->data, packet->size); |
| 200 | 201 | |
| 201 | 202 | /* |
| 202 | 203 | * XXX Make resource-consuming attacks harder, eliminate any duplicate |
| … |
… |
|
| 208 | 209 | */ |
| 209 | 210 | |
| 210 | 211 | link = list_first(&rdg->frags); |
| 211 | | while (link != NULL |
| | 212 | while (link != NULL ) { |
| 212 | 213 | reass_frag_t *qf = list_get_instance(link, reass_frag_t, |
| 213 | 214 | dgram_link); |
| 214 | 215 | |
| 215 | 216 | if (qf->packet.offs >= packet->offs) |
| 216 | 217 | break; |
| 217 | | |
| 218 | | link = link->next; |
| | 218 | if ( link->next != &rdg->frags.head) |
| | 219 | link = link->next; |
| | 220 | else |
| | 221 | break; |
| 219 | 222 | } |
| 220 | 223 | |
| 221 | | if (link != NULL) |
| | 224 | if (link != NULL){ |
| 222 | 225 | list_insert_after(&frag->dgram_link, link); |
| 223 | | else |
| | 226 | } else { |
| 224 | 227 | list_append(&frag->dgram_link, &rdg->frags); |
| | 228 | } |
| 225 | 229 | |
| 226 | 230 | return EOK; |
| 227 | 231 | } |
| … |
… |
|
| 242 | 246 | /* First fragment must be at offset zero */ |
| 243 | 247 | frag = list_get_instance(list_first(&rdg->frags), reass_frag_t, |
| 244 | 248 | dgram_link); |
| 245 | | if (frag->packet.offs != 0) |
| | 249 | if (frag->packet.offs != 0) { |
| 246 | 250 | return false; |
| | 251 | } |
| 247 | 252 | |
| 248 | 253 | prev = frag; |
| 249 | 254 | while (true) { |
| 250 | 255 | link = frag->dgram_link.next; |
| 251 | | if (link == NULL |
| | 256 | if (link == NULL || link == (&rdg->frags.head)) |
| 252 | 257 | return false; |
| 253 | 258 | |
| 254 | 259 | /* Each next fragment must follow immediately or overlap */ |
| 255 | 260 | frag = list_get_instance(link, reass_frag_t, dgram_link); |
| 256 | | if (frag->packet.offs > prev->packet.offs + prev->packet.size) |
| | 261 | if (frag->packet.offs > prev->packet.offs + prev->packet.size){ |
| 257 | 262 | return false; |
| | 263 | } |
| 258 | 264 | |
| 259 | 265 | /* No more fragments - datagram is complete */ |
| 260 | 266 | if (!frag->packet.mf) |
| … |
… |
|
| 306 | 312 | dgram_size = frag->packet.offs + frag->packet.size; |
| 307 | 313 | |
| 308 | 314 | /* Upper bound for fragment offset field */ |
| 309 | | fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l |
| | 315 | fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l+1); |
| 310 | 316 | |
| 311 | 317 | /* Verify that total size of datagram is within reasonable bounds */ |
| 312 | 318 | if (dgram_size > FRAG_OFFS_UNIT * fragoff_limit) |
| 313 | 319 | return ELIMIT; |
| 314 | 320 | |
| 315 | | dgram.data = |
| | 321 | dgram.data = rdg->data = calloc(dgram_size, 1); |
| 316 | 322 | if (dgram.data == NULL) |
| 317 | 323 | return ENOMEM; |
| 318 | 324 | |
| … |
… |
|
| 333 | 339 | ce = min(dgram_size, cfrag->packet.offs + cfrag->packet.size); |
| 334 | 340 | |
| 335 | 341 | if (ce > cb) { |
| 336 | | memcpy(dgram.data + cb, |
| | 342 | memcpy(dgram.data + cb, cfrag->packet.data, cfrag->packet.size); |
| | 343 | |
| | 344 | /* memcpy(dgram.data + cb, |
| 337 | 345 | cfrag->packet.data + cb - cfrag->packet.offs, |
| 338 | | ce - cb); |
| | 346 | ce - cb);*/ |
| 339 | 347 | } |
| 340 | 348 | |
| 341 | 349 | if (!cfrag->packet.mf) |
| 342 | 350 | break; |
| 343 | 351 | } |
| 344 | | |
| 345 | 352 | return inet_recv_dgram_local(&dgram, proto); |
| 346 | 353 | } |
| 347 | 354 | |
| … |
… |
|
| 360 | 367 | free(frag->packet.data); |
| 361 | 368 | free(frag); |
| 362 | 369 | } |
| 363 | | |
| | 370 | free(rdg->data); |
| 364 | 371 | free(rdg); |
| 365 | 372 | } |
| 366 | 373 | |
=== modified file 'uspace/srv/net/udp/assoc.c'
|
|
|
|
| 274 | 274 | return ENOMEM; |
| 275 | 275 | |
| 276 | 276 | rc = udp_transmit_pdu(pdu); |
| | 277 | udp_pdu_delete(pdu); |
| | 278 | |
| 277 | 279 | if (rc != EOK) |
| 278 | 280 | return EIO; |
| 279 | | |
| 280 | | udp_pdu_delete(pdu); |
| 281 | | |
| 282 | 281 | return EOK; |
| 283 | 282 | } |
| 284 | 283 | |
| … |
… |
|
| 328 | 327 | int rc; |
| 329 | 328 | |
| 330 | 329 | log_msg(LOG_DEFAULT, LVL_DEBUG, "udp_assoc_received(%p, %p)", rsp, msg); |
| | 330 | |
| | 331 | //timeout assoc queue; in case of client crash |
| 331 | 332 | |
| 332 | 333 | assoc = udp_assoc_find_ref(rsp); |
| 333 | 334 | if (assoc == NULL) { |
| 334 | 335 | log_msg(LOG_DEFAULT, LVL_DEBUG, "No association found. Message dropped."); |
| 335 | 336 | /* XXX Generate ICMP error. */ |
| 336 | 337 | /* XXX Might propagate error directly by error return. */ |
| | 338 | udp_msg_delete(msg); |
| 337 | 339 | return; |
| 338 | 340 | } |
| 339 | 341 | |
=== modified file 'uspace/srv/net/udp/msg.c'
|
|
|
|
| 49 | 49 | /** Delete segment. */ |
| 50 | 50 | void udp_msg_delete(udp_msg_t *msg) |
| 51 | 51 | { |
| | 52 | free(msg->data); |
| 52 | 53 | free(msg); |
| 53 | 54 | } |
| 54 | 55 | |
=== modified file 'uspace/srv/net/udp/pdu.c'
|
|
|
|
| 196 | 196 | if (nmsg == NULL) |
| 197 | 197 | return ENOMEM; |
| 198 | 198 | |
| 199 | | |
| | 199 | //nmsg->data = text; |
| 200 | 200 | nmsg->data_size = length - sizeof(udp_header_t); |
| | 201 | nmsg->data = malloc(nmsg->data_size); |
| | 202 | memcpy(nmsg->data, text, nmsg->data_size); |
| 201 | 203 | |
| 202 | 204 | *msg = nmsg; |
| 203 | 205 | return EOK; |
=== modified file 'uspace/srv/net/udp/udp_type.h'
|
|
|
|
| 42 | 42 | #include <sys/types.h> |
| 43 | 43 | #include <inet/addr.h> |
| 44 | 44 | |
| 45 | | #define UDP_FRAGMENT_SIZE 4096 |
| 46 | | |
| | 45 | #define UDP_FRAGMENT_SIZE 65535 |
| 47 | 46 | |
| 48 | 47 | typedef enum { |
| 49 | 48 | UDP_EOK, |
