------------------------------------------------------------
revno: 351
revision-id: [EMAIL PROTECTED]
parent: [EMAIL PROTECTED]
committer: Andrew Tridgell <[EMAIL PROTECTED]>
branch nick: tridge
timestamp: Sat 2007-05-26 16:32:32 +1000
message:
paranoid checks for bad packets in tcp layer. Close the socket if it gets a
bad packet
modified:
common/ctdb.c ctdb.c-20061127094323-t50f58d65iaao5of-2
tcp/tcp_io.c tcp_io.c-20061128004937-x70q1cu5xzg5g2tm-3
=== modified file 'common/ctdb.c'
--- a/common/ctdb.c 2007-05-25 07:04:13 +0000
+++ b/common/ctdb.c 2007-05-26 06:32:32 +0000
@@ -347,26 +347,6 @@
ctdb->status.node_packets_recv++;
- if (length < sizeof(*hdr)) {
- ctdb_set_error(ctdb, "Bad packet length %u\n", length);
- return;
- }
- if (length != hdr->length) {
- ctdb_set_error(ctdb, "Bad header length %u expected %u\n",
- hdr->length, length);
- return;
- }
-
- if (hdr->ctdb_magic != CTDB_MAGIC) {
- ctdb_set_error(ctdb, "Non CTDB packet rejected\n");
- return;
- }
-
- if (hdr->ctdb_version != CTDB_VERSION) {
- ctdb_set_error(ctdb, "Bad CTDB version 0x%x rejected\n",
hdr->ctdb_version);
- return;
- }
-
/* up the counter for this source node, so we know its alive */
if (ctdb_validate_vnn(ctdb, hdr->srcnode)) {
/* as a special case, redirected calls don't increment the
rx_cnt */
=== modified file 'tcp/tcp_io.c'
--- a/tcp/tcp_io.c 2007-04-28 09:35:49 +0000
+++ b/tcp/tcp_io.c 2007-05-26 06:32:32 +0000
@@ -34,38 +34,48 @@
void ctdb_tcp_read_cb(uint8_t *data, size_t cnt, void *args)
{
struct ctdb_incoming *in = talloc_get_type(args, struct ctdb_incoming);
- struct ctdb_req_header *hdr;
+ struct ctdb_req_header *hdr = (struct ctdb_req_header *)data;
if (data == NULL) {
/* incoming socket has died */
- talloc_free(in);
- return;
+ goto failed;
}
if (cnt < sizeof(*hdr)) {
- ctdb_set_error(in->ctdb, "Bad packet length %u\n",
(unsigned)cnt);
- return;
- }
- hdr = (struct ctdb_req_header *)data;
+ DEBUG(0,(__location__ " Bad packet length %u\n",
(unsigned)cnt));
+ goto failed;
+ }
+
+ if (cnt & (CTDB_TCP_ALIGNMENT-1)) {
+ DEBUG(0,(__location__ " Length 0x%x not multiple of
alignment\n", cnt));
+ goto failed;
+ }
+
+
if (cnt != hdr->length) {
- ctdb_set_error(in->ctdb, "Bad header length %u expected %u\n",
- (unsigned)hdr->length, (unsigned)cnt);
- return;
+ DEBUG(0,(__location__ " Bad header length %u expected %u\n",
+ (unsigned)hdr->length, (unsigned)cnt));
+ goto failed;
}
if (hdr->ctdb_magic != CTDB_MAGIC) {
- ctdb_set_error(in->ctdb, "Non CTDB packet rejected\n");
- return;
+ DEBUG(0,(__location__ " Non CTDB packet 0x%x rejected\n",
+ hdr->ctdb_magic));
+ goto failed;
}
if (hdr->ctdb_version != CTDB_VERSION) {
- ctdb_set_error(in->ctdb, "Bad CTDB version 0x%x rejected\n",
hdr->ctdb_version);
- return;
+ DEBUG(0, (__location__ " Bad CTDB version 0x%x rejected\n",
+ hdr->ctdb_version));
+ goto failed;
}
- /* most common case - we got a whole packet in one go
- tell the ctdb layer above that we have a packet */
+ /* tell the ctdb layer above that we have a packet */
in->ctdb->upcalls->recv_pkt(in->ctdb, data, cnt);
+ return;
+
+failed:
+ talloc_free(in);
}
/*
