More IPv4 fragment checks
ClosedPublic
Actions

Authored by jtl on Nov 9 2018, 2:56 PM.

Details

Reviewers

markj
emaste
glebius
bz

Commits

rS340483: Add some additional length checks to the IPv4 fragmentation code.

Summary

Block 0-length fragments. (Previously, they were allowed when the MF bit was clear.)

Ensure that every fragment with the MF bit clear ends at the same offset. (Previously, we allowed multiple fragments with the MF bit, even if they ended at different offsets.)

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jtl created this revision.Nov 9 2018, 2:56 PM

Herald added a subscriber: imp. · View Herald TranscriptNov 9 2018, 2:56 PM

Harbormaster completed remote builds in B20720: Diff 50210.Nov 9 2018, 2:56 PM

markj mentioned this in D17914: Check for an overly large fragment..Nov 9 2018, 3:27 PM

Sorry, getting IPv4 fragments into my head is absolutely not a good idea.

markj accepted this revision.Nov 9 2018, 9:55 PM

This revision is now accepted and ready to land.Nov 9 2018, 9:55 PM

markj mentioned this in D17926: Add a regression test for D17914..Nov 9 2018, 9:57 PM

glebius accepted this revision.Nov 13 2018, 12:36 AM

emaste added inline comments.Nov 13 2018, 3:35 PM

sys/netinet/ip_reass.c
221 ↗	(On Diff #50210)	There are separate `ips_tooshort` and `ips_toosmall` counters, and `ips_toosmall` has the comment `not enough data` so I suspect we can drop the `XXX` comment, perhaps separately.