diff mbox series

[API-NEXT,v8,14/16] linux-gen: ipsec: validate ip header total length

Message ID 1510444815-25058-15-git-send-email-odpbot@yandex.ru
State Superseded
Headers show
Series [API-NEXT,v8,1/16] linux-gen: ipsec: use counter instead of random IV for GCM | expand

Commit Message

Github ODP bot Nov. 12, 2017, midnight UTC 
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Check that IP packet length from the header is not bogus.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: 9ff682c8d0315f3f1921d5b9fe13d62897c78710
 ** Merge commit sha: 38c770f1444aeb3ede5313b7304a1161277ae0b5
 **/
 platform/linux-generic/odp_ipsec.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff mbox series

Patch

diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index 8101b00c6..e6fb276a6 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -300,6 +300,11 @@  static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
 
 	ipsec_offset = ip_offset + ip_hdr_len;
 
+	if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) {
+		status->error.alg = 1;
+		goto err;
+	}
+
 	if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) {
 		status->error.proto = 1;
 		goto err;
@@ -648,6 +653,11 @@  static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
 		goto err;
 	}
 
+	if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) {
+		status->error.alg = 1;
+		goto err;
+	}
+
 	if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) {
 		_odp_ipv4hdr_t out_ip;
 		uint16_t tot_len;