From 67de5a295c9f4693f0c65d69fed67a3618bee6dd Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Wed, 13 Dec 2017 01:15:05 +0000
Subject: [PATCH] MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header There is minimal gain in checking first the IP header length and then the TCP header length since we always want to capture information about both protocols. IPv4 length calculation was incorrect since IPv4 ip_len actually defines the total length of IPv4 header and following data.
---
 src/connection.c | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/src/connection.c b/src/connection.c
index e716e80467..8d2fb77bed 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -763,9 +763,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 hdr_ip4 = (struct ip *)line;
- if (trash.len < ntohs(hdr_ip4->ip_len)) {
+ if (trash.len < (ntohs(hdr_ip4->ip_len) + 20)) {
 /* Fail if buffer length is not large enough to contain
- * IPv4 header */
+ * IPv4 header, TCP header */
 goto missing;
 }
 else if (hdr_ip4->ip_p != IPPROTO_TCP) {
@@ -773,11 +773,6 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 conn->err_code = CO_ER_CIP_BAD_PROTO;
 goto fail;
 }
- else if (trash.len < (20 + ntohs(hdr_ip4->ip_len))) {
- /* Fail if buffer length is not large enough to contain
- * IPv4 header, TCP header */
- goto missing;
- }
 hdr_tcp = (struct my_tcphdr *)(line + (hdr_ip4->ip_hl * 4));
@@ -798,9 +793,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 hdr_ip6 = (struct ip6_hdr *)line;
- if (trash.len < 40) {
+ if (trash.len < 60) {
 /* Fail if buffer length is not large enough to contain
- * IPv6 header */
+ * IPv6 header, TCP header */
 goto missing;
 }
 else if (hdr_ip6->ip6_nxt != IPPROTO_TCP) {
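Review bot: The new bound in the first hunk, `trash.len < (ntohs(hdr_ip4->ip_len) + 20)`, is still built from `ip_len`, a peer-supplied field that the commit message itself describes as the total length of the IPv4 header and following data, so it does not measure where the TCP header sits. The TCP header is located with `line + (hdr_ip4->ip_hl * 4)` (context line in the next hunk), which means a header carrying a small `ip_len` and a large `ip_hl` satisfies the check while `hdr_tcp` points past the bytes actually received. Tying the bound to the offset that is dereferenced, e.g. `if (trash.len < 20 || trash.len < (hdr_ip4->ip_hl * 4) + 20) {`, and sending `ip_hl < 5` to the `fail` path, would close that gap. `ip_len` is also read before anything visible here confirms that a full 20-byte IPv4 header is in the buffer; the function body starts outside the hunk, so an earlier guard may exist.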
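Review bot: The literal `60` in `if (trash.len < 60) {` of the third hunk hides that it stands for the fixed IPv6 header plus a 20-byte TCP header, while the `hdr_tcp` offset in the following hunk is spelled `sizeof(struct ip6_hdr)`. Writing the bound from the same expression, e.g. `if (trash.len < (int)(sizeof(struct ip6_hdr) + 20)) {` (the cast assumes `trash.len` is a signed int, which this page does not show), keeps the check and the pointer arithmetic from drifting apart. Whether 20 matches `sizeof(struct my_tcphdr)` cannot be confirmed from the visible lines. A short comment that any first next-header other than TCP, extension headers included, is rejected with `CO_ER_CIP_BAD_PROTO` would document the `ip6_nxt` test.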
@@ -808,11 +803,6 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 conn->err_code = CO_ER_CIP_BAD_PROTO;
 goto fail;
 }
- else if (trash.len < 60) {
- /* Fail if buffer length is not large enough to contain
- * IPv6 header, TCP header */
- goto missing;
- }
 hdr_tcp = (struct my_tcphdr *)(line + sizeof(struct ip6_hdr));