Use the messageLength header field, rather than the number of bytes received from the transport layer, when determining the length of the suffix. Check to make sure the transport layer delivered at least messageLength number of bytes, but do not discard messages if additional bytes are received. Certain transports, such as raw ethernet, may add and deliver additional padding bytes to the application. It is therefore not safe to assume that all delivered bytes belong to the message.
Signed-off-by: Dylan Robinson <[email protected]>
---
 msg.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/msg.c b/msg.c
index ab841f0..3f68416 100644
--- a/msg.c
+++ b/msg.c
@@ -184,7 +184,7 @@ static int suffix_post_recv(struct ptp_message *msg, int len)
 {
 uint8_t *ptr = msg_suffix(msg);
 struct tlv_extra *extra;
- int err, suffix_len = 0;
+ int err;
 if (!ptr)
 return 0;
@@ -202,14 +202,12 @@ static int suffix_post_recv(struct ptp_message *msg, int len)
 tlv_extra_recycle(extra);
 return -EBADMSG;
 }
- suffix_len += sizeof(struct TLV);
 len -= sizeof(struct TLV);
 ptr += sizeof(struct TLV);
 if (extra->tlv->length > len) {
 tlv_extra_recycle(extra);
 return -EBADMSG;
 }
- suffix_len += extra->tlv->length;
 len -= extra->tlv->length;
 ptr += extra->tlv->length;
 err = tlv_post_recv(extra);
@@ -219,7 +217,11 @@ static int suffix_post_recv(struct ptp_message *msg, int len)
 }
 msg_tlv_attach(msg, extra);
 }
- return suffix_len;
+
+ if (len)
+ return -EBADMSG;
+
+ return 0;
 }
 static void suffix_pre_send(struct ptp_message *msg)
@@ -337,7 +339,7 @@ void msg_get(struct ptp_message *m)
 int msg_post_recv(struct ptp_message *m, int cnt)
 {
- int err, pdulen, suffix_len, type;
+ int err, pdulen, type;
 if (cnt < sizeof(struct ptp_header))
 return -EBADMSG;
@@ -383,7 +385,7 @@ int msg_post_recv(struct ptp_message *m, int cnt)
 return -EBADMSG;
 }
- if (cnt < pdulen)
+ if ((cnt < pdulen) || (cnt < m->header.messageLength))
 return -EBADMSG;
 switch (type) {
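Review bot: The new `if (len) return -EBADMSG;` at the end of suffix_post_recv() (hunk at -219) is only reached when msg_suffix() returns a pointer; the early `if (!ptr) return 0;` visible in the first hunk still reports success without looking at len. With the `pdulen + suffix_len != m->header.messageLength` comparison removed from msg_post_recv(), any message type that reaches this function with a NULL suffix pointer would no longer have messageLength compared with pdulen at all. Consider `if (!ptr) return len ? -EBADMSG : 0;`, and a header comment stating the changed return contract, e.g. `/* Returns 0 when exactly len bytes of well-formed TLVs follow the PDU, else -EBADMSG. */`. The TLV loop between these hunks is outside the visible lines.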
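Review bot: The widened check `(cnt < pdulen) || (cnt < m->header.messageLength)` (hunk at -383) bounds messageLength from above only; nothing visible rejects a header whose messageLength is smaller than pdulen. The hunk at -422 then passes `m->header.messageLength - pdulen` as the int len of suffix_post_recv(), which would be negative for such a message, whereas the removed `pdulen + suffix_len != m->header.messageLength` test rejected it. Whether that negative value is caught depends on the TLV loop condition, which lies outside the hunks; if the condition compares len with a `sizeof`, the int is converted to unsigned and the loop would parse bytes beyond the declared message. Suggest `if ((m->header.messageLength < pdulen) || (cnt < m->header.messageLength))`, which also implies cnt >= pdulen. msg_post_recv() starts and ends outside this hunk.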
@@ -422,12 +424,9 @@ int msg_post_recv(struct ptp_message *m, int cnt)
 break;
 }
- suffix_len = suffix_post_recv(m, cnt - pdulen);
- if (suffix_len < 0) {
- return suffix_len;
- }
- if (pdulen + suffix_len != m->header.messageLength) {
- return -EBADMSG;
+ err = suffix_post_recv(m, m->header.messageLength - pdulen);
+ if (err < 0) {
+ return err;
 }
 return 0;
--
2.34.1
_______________________________________________
Linuxptp-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
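Review bot: The call `err = suffix_post_recv(m, m->header.messageLength - pdulen);` has no comment saying that bytes between messageLength and cnt are now accepted without being parsed, which relaxes a check that used to reject a message whose parsed length differed from messageLength. A comment at the call would keep a later reader from restoring the stricter test or from assuming that cnt bounds the message, for example `/* Bytes past messageLength are transport padding (e.g. raw Ethernet) and are ignored. */`. Any later code that uses cnt as the message size should be checked against this; that code is not visible in the hunk.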
