=== modified file 'uspace/srv/net/inetsrv/pdu.c'
|
|
|
105 | 105 | size_t offs, size_t mtu, void **rdata, size_t *rsize, size_t *roffs) |
106 | 106 | { |
107 | 107 | /* Upper bound for fragment offset field */ |
108 | | size_t fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l); |
| 108 | size_t fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l+1); |
109 | 109 | |
110 | 110 | /* Verify that total size of datagram is within reasonable bounds */ |
111 | | if (offs + packet->size > FRAG_OFFS_UNIT * fragoff_limit) |
| 111 | if ( packet->size > FRAG_OFFS_UNIT * fragoff_limit) |
112 | 112 | return ELIMIT; |
113 | 113 | |
114 | 114 | size_t hdr_size = sizeof(ip_header_t); |
=== modified file 'uspace/srv/net/inetsrv/reass.c'
|
|
|
54 | 54 | link_t map_link; |
55 | 55 | /** List of fragments, @c reass_frag_t */ |
56 | 56 | list_t frags; |
| 57 | void *data; |
57 | 58 | } reass_dgram_t; |
58 | 59 | |
59 | 60 | /** One datagram fragment */ |
… |
… |
|
84 | 85 | { |
85 | 86 | reass_dgram_t *rdg; |
86 | 87 | int rc; |
87 | | |
88 | 88 | log_msg(LOG_DEFAULT, LVL_DEBUG, "inet_reass_queue_packet()"); |
89 | 89 | |
90 | 90 | fibril_mutex_lock(&reass_dgram_map_lock); |
… |
… |
|
102 | 102 | rc = reass_dgram_insert_frag(rdg, packet); |
103 | 103 | if (rc != EOK) |
104 | 104 | return ENOMEM; |
105 | | |
| 105 | |
106 | 106 | /* Check if datagram is complete */ |
107 | 107 | if (reass_dgram_complete(rdg)) { |
108 | 108 | /* Remove it from the map */ |
… |
… |
|
197 | 197 | |
198 | 198 | frag->packet = *packet; |
199 | 199 | frag->packet.data = data_copy; |
| 200 | memcpy(data_copy, packet->data, packet->size); |
200 | 201 | |
201 | 202 | /* |
202 | 203 | * XXX Make resource-consuming attacks harder, eliminate any duplicate |
… |
… |
|
208 | 209 | */ |
209 | 210 | |
210 | 211 | link = list_first(&rdg->frags); |
211 | | while (link != NULL) { |
| 212 | while (link != NULL ) { |
212 | 213 | reass_frag_t *qf = list_get_instance(link, reass_frag_t, |
213 | 214 | dgram_link); |
214 | 215 | |
215 | 216 | if (qf->packet.offs >= packet->offs) |
216 | 217 | break; |
217 | | |
218 | | link = link->next; |
| 218 | if ( link->next != &rdg->frags.head) |
| 219 | link = link->next; |
| 220 | else |
| 221 | break; |
219 | 222 | } |
220 | 223 | |
221 | | if (link != NULL) |
| 224 | if (link != NULL){ |
222 | 225 | list_insert_after(&frag->dgram_link, link); |
223 | | else |
| 226 | } else { |
224 | 227 | list_append(&frag->dgram_link, &rdg->frags); |
| 228 | } |
225 | 229 | |
226 | 230 | return EOK; |
227 | 231 | } |
… |
… |
|
242 | 246 | /* First fragment must be at offset zero */ |
243 | 247 | frag = list_get_instance(list_first(&rdg->frags), reass_frag_t, |
244 | 248 | dgram_link); |
245 | | if (frag->packet.offs != 0) |
| 249 | if (frag->packet.offs != 0) { |
246 | 250 | return false; |
| 251 | } |
247 | 252 | |
248 | 253 | prev = frag; |
249 | 254 | while (true) { |
250 | 255 | link = frag->dgram_link.next; |
251 | | if (link == NULL) |
| 256 | if (link == NULL || link == (&rdg->frags.head)) |
252 | 257 | return false; |
253 | 258 | |
254 | 259 | /* Each next fragment must follow immediately or overlap */ |
255 | 260 | frag = list_get_instance(link, reass_frag_t, dgram_link); |
256 | | if (frag->packet.offs > prev->packet.offs + prev->packet.size) |
| 261 | if (frag->packet.offs > prev->packet.offs + prev->packet.size){ |
257 | 262 | return false; |
| 263 | } |
258 | 264 | |
259 | 265 | /* No more fragments - datagram is complete */ |
260 | 266 | if (!frag->packet.mf) |
… |
… |
|
306 | 312 | dgram_size = frag->packet.offs + frag->packet.size; |
307 | 313 | |
308 | 314 | /* Upper bound for fragment offset field */ |
309 | | fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l); |
| 315 | fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l+1); |
310 | 316 | |
311 | 317 | /* Verify that total size of datagram is within reasonable bounds */ |
312 | 318 | if (dgram_size > FRAG_OFFS_UNIT * fragoff_limit) |
313 | 319 | return ELIMIT; |
314 | 320 | |
315 | | dgram.data = calloc(dgram_size, 1); |
| 321 | dgram.data = rdg->data = calloc(dgram_size, 1); |
316 | 322 | if (dgram.data == NULL) |
317 | 323 | return ENOMEM; |
318 | 324 | |
… |
… |
|
333 | 339 | ce = min(dgram_size, cfrag->packet.offs + cfrag->packet.size); |
334 | 340 | |
335 | 341 | if (ce > cb) { |
336 | | memcpy(dgram.data + cb, |
| 342 | memcpy(dgram.data + cb, cfrag->packet.data, cfrag->packet.size); |
| 343 | |
| 344 | /* memcpy(dgram.data + cb, |
337 | 345 | cfrag->packet.data + cb - cfrag->packet.offs, |
338 | | ce - cb); |
| 346 | ce - cb);*/ |
339 | 347 | } |
340 | 348 | |
341 | 349 | if (!cfrag->packet.mf) |
342 | 350 | break; |
343 | 351 | } |
344 | | |
345 | 352 | return inet_recv_dgram_local(&dgram, proto); |
346 | 353 | } |
347 | 354 | |
… |
… |
|
360 | 367 | free(frag->packet.data); |
361 | 368 | free(frag); |
362 | 369 | } |
363 | | |
| 370 | free(rdg->data); |
364 | 371 | free(rdg); |
365 | 372 | } |
366 | 373 | |
=== modified file 'uspace/srv/net/udp/assoc.c'
|
|
|
274 | 274 | return ENOMEM; |
275 | 275 | |
276 | 276 | rc = udp_transmit_pdu(pdu); |
| 277 | udp_pdu_delete(pdu); |
| 278 | |
277 | 279 | if (rc != EOK) |
278 | 280 | return EIO; |
279 | | |
280 | | udp_pdu_delete(pdu); |
281 | | |
282 | 281 | return EOK; |
283 | 282 | } |
284 | 283 | |
… |
… |
|
328 | 327 | int rc; |
329 | 328 | |
330 | 329 | log_msg(LOG_DEFAULT, LVL_DEBUG, "udp_assoc_received(%p, %p)", rsp, msg); |
| 330 | |
| 331 | //timeout assoc queue; in case of client crash |
331 | 332 | |
332 | 333 | assoc = udp_assoc_find_ref(rsp); |
333 | 334 | if (assoc == NULL) { |
334 | 335 | log_msg(LOG_DEFAULT, LVL_DEBUG, "No association found. Message dropped."); |
335 | 336 | /* XXX Generate ICMP error. */ |
336 | 337 | /* XXX Might propagate error directly by error return. */ |
| 338 | udp_msg_delete(msg); |
337 | 339 | return; |
338 | 340 | } |
339 | 341 | |
=== modified file 'uspace/srv/net/udp/msg.c'
|
|
|
49 | 49 | /** Delete segment. */ |
50 | 50 | void udp_msg_delete(udp_msg_t *msg) |
51 | 51 | { |
| 52 | free(msg->data); |
52 | 53 | free(msg); |
53 | 54 | } |
54 | 55 | |
=== modified file 'uspace/srv/net/udp/pdu.c'
|
|
|
196 | 196 | if (nmsg == NULL) |
197 | 197 | return ENOMEM; |
198 | 198 | |
199 | | nmsg->data = text; |
| 199 | //nmsg->data = text; |
200 | 200 | nmsg->data_size = length - sizeof(udp_header_t); |
| 201 | nmsg->data = malloc(nmsg->data_size); |
| 202 | memcpy(nmsg->data, text, nmsg->data_size); |
201 | 203 | |
202 | 204 | *msg = nmsg; |
203 | 205 | return EOK; |
=== modified file 'uspace/srv/net/udp/udp_type.h'
|
|
|
42 | 42 | #include <sys/types.h> |
43 | 43 | #include <inet/addr.h> |
44 | 44 | |
45 | | #define UDP_FRAGMENT_SIZE 4096 |
46 | | |
| 45 | #define UDP_FRAGMENT_SIZE 65535 |
47 | 46 | |
48 | 47 | typedef enum { |
49 | 48 | UDP_EOK, |