From 735e4aecfcf34ec46c3143bfad9a123466fd8296 Mon Sep 17 00:00:00 2001
From: Frederic Lecaille
Date: Wed, 24 Jul 2024 11:07:19 +0200
Subject: [PATCH] MINOR: quic: Avoid cc priv buffer overflow.

Add two initcall callback with BUG_ON_HOT() to newro and cubic modules to ensure there is no buffer overflow when accessing the private data of these congestion control algorithm state structures. This is to ensure that further modifications about these data structures will not lead to surprises. At this time there is no possible buffer overflow.
---
 src/quic_cc_cubic.c | 8 ++++++++
 src/quic_cc_newreno.c | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/src/quic_cc_cubic.c b/src/quic_cc_cubic.c
index 4bd1a7ce42..51d11b11c2 100644
--- a/src/quic_cc_cubic.c
+++ b/src/quic_cc_cubic.c
@@ -640,3 +640,11 @@ struct quic_cc_algo quic_cc_algo_cubic = {
 .hystart_start_round = quic_cc_cubic_hystart_start_round,
 .state_trace = quic_cc_cubic_state_trace,
 };
+
+void quic_cc_cubic_check(void)
+{
+ struct quic_cc *cc;
+ BUG_ON_HOT(sizeof(struct cubic) > sizeof(cc->priv));
+}
+
+INITCALL0(STG_REGISTER, quic_cc_cubic_check);
diff --git a/src/quic_cc_newreno.c b/src/quic_cc_newreno.c
index ca298776c4..4d035b5511 100644
--- a/src/quic_cc_newreno.c
+++ b/src/quic_cc_newreno.c
@@ -223,3 +223,10 @@ struct quic_cc_algo quic_cc_algo_nr = {
 .state_trace = quic_cc_nr_state_trace,
 };
 
+void quic_cc_nr_check(void)
+{
+ struct quic_cc *cc;
+ BUG_ON_HOT(sizeof(struct nr) > sizeof(cc->priv));
+}
+
+INITCALL0(STG_REGISTER, quic_cc_nr_check);
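Review bot: The `BUG_ON_HOT()` in `quic_cc_cubic_check()` is, as far as I recall, compiled out unless DEBUG_STRICT enables hot-path assertions, so in a default build the new initcall is a no-op and gives no protection against a future `struct cubic` outgrowing `cc->priv`; the same applies to `quic_cc_nr_check()` in the quic_cc_newreno.c hunk. Both operands are compile-time constants, so the check can be made unconditional and free at run time with a file-scope static assertion such as `_Static_assert(sizeof(struct cubic) <= sizeof(((struct quic_cc *)0)->priv), "struct cubic must fit in quic_cc priv");`, which also removes the initcall and the never-initialized `cc` pointer that exists only as an unevaluated `sizeof` operand (harmless, but easy to misread as a bug). If the project's C baseline predates C11 static assertions, the negative-array-size idiom gives the same compile-time guarantee. If the runtime form is kept on purpose, `BUG_ON()` rather than `BUG_ON_HOT()` would keep the check alive in production builds, where a silent overflow of the private state would matter most.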