diff mbox series

[API-NEXT,v16,12/16] linux-gen: ipsec: validate ip header total length

Message ID 1510581630-13993-13-git-send-email-odpbot@yandex.ru
State New
Headers show
Series [API-NEXT,v16,1/16] linux-gen: ipsec: use counter instead of random IV for GCM | expand

Commit Message

Github ODP bot Nov. 13, 2017, 2 p.m. UTC 
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Check that IP packet length from the header is not bogus.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

---
/** Email created from pull request 243 (lumag:ipsec-packet-impl-3)
 ** https://github.com/Linaro/odp/pull/243
 ** Patch: https://github.com/Linaro/odp/pull/243.patch
 ** Base sha: a908a4dead95321e84d6a8a23de060051dcd8969
 ** Merge commit sha: 845914564f2d99792452ac22a524279f44496a1d
 **/
 platform/linux-generic/odp_ipsec.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff mbox series

Patch

diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index f8085756f..aadc671f9 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -286,6 +286,11 @@  static ipsec_sa_t *ipsec_in_single(odp_packet_t pkt,
 
 	ipsec_offset = ip_offset + ip_hdr_len;
 
+	if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) {
+		status->error.alg = 1;
+		goto err;
+	}
+
 	if (_ODP_IPV4HDR_IS_FRAGMENT(odp_be_to_cpu_16(ip->frag_offset))) {
 		status->error.proto = 1;
 		goto err;
@@ -634,6 +639,11 @@  static ipsec_sa_t *ipsec_out_single(odp_packet_t pkt,
 		goto err;
 	}
 
+	if (odp_be_to_cpu_16(ip->tot_len) + ip_offset > odp_packet_len(pkt)) {
+		status->error.alg = 1;
+		goto err;
+	}
+
 	if (ODP_IPSEC_MODE_TUNNEL == ipsec_sa->mode) {
 		_odp_ipv4hdr_t out_ip;
 		uint16_t tot_len;