Fork us on GitHub Follow us on Facebook Follow us on Twitter

Changeset fc6abbe in mainline


Ignore:
Timestamp:
2014-07-17T13:36:45Z (6 years ago)
Author:
Jiri Svoboda <jiri@…>
Branches:
master
Children:
869d936
Parents:
5c2e8d0
Message:

Fix a few bugs in IP reassembly code (thx Fan Jinfei).

Location:
uspace/srv/net/inetsrv
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • uspace/srv/net/inetsrv/pdu.c

    r5c2e8d0 rfc6abbe  
    106106{
    107107        /* Upper bound for fragment offset field */
    108         size_t fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l);
     108        size_t fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l + 1);
    109109       
    110110        /* Verify that total size of datagram is within reasonable bounds */
    111         if (offs + packet->size > FRAG_OFFS_UNIT * fragoff_limit)
     111        if (packet->size > FRAG_OFFS_UNIT * fragoff_limit)
    112112                return ELIMIT;
    113113       
  • uspace/srv/net/inetsrv/reass.c

    r5c2e8d0 rfc6abbe  
    196196                return ENOMEM;
    197197
     198        memcpy(data_copy, packet->data, packet->size);
     199
    198200        frag->packet = *packet;
    199201        frag->packet.data = data_copy;
     
    216218                        break;
    217219
    218                 link = link->next;
     220                link = list_next(link, &rdg->frags);
    219221        }
    220222
     
    240242        assert(!list_empty(&rdg->frags));
    241243
     244        link = list_first(&rdg->frags);
     245        assert(link != NULL);
     246
     247        frag = list_get_instance(link, reass_frag_t,
     248            dgram_link);
     249
    242250        /* First fragment must be at offset zero */
    243         frag = list_get_instance(list_first(&rdg->frags), reass_frag_t,
    244             dgram_link);
    245251        if (frag->packet.offs != 0)
    246252                return false;
    247253
    248254        prev = frag;
     255
    249256        while (true) {
    250                 link = frag->dgram_link.next;
     257                link = list_next(link, &rdg->frags);
    251258                if (link == NULL)
    252                         return false;
     259                        break;
    253260
    254261                /* Each next fragment must follow immediately or overlap */
     
    288295        uint8_t proto;
    289296        reass_frag_t *frag;
     297        int rc;
    290298
    291299        /*
     
    307315
    308316        /* Upper bound for fragment offset field */
    309         fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l);
     317        fragoff_limit = 1 << (FF_FRAGOFF_h - FF_FRAGOFF_l + 1);
    310318
    311319        /* Verify that total size of datagram is within reasonable bounds */
     
    343351        }
    344352
    345         return inet_recv_dgram_local(&dgram, proto);
     353        rc = inet_recv_dgram_local(&dgram, proto);
     354        free(dgram.data);
     355        return rc;
    346356}
    347357
Note: See TracChangeset for help on using the changeset viewer.