Otherwise a malformed packet could cause a read up to about 40 bytes past
the end of the packet. The packet would still likely be dropped because
of checksum verification.
Reported-by: Bhargava Shastry
Signed-off-by: Ben Pfaff
---
lib/conntrack.c | 14 --
1 file changed, 12 inserti
2017-03-03 14:08 GMT-08:00 Ben Pfaff :
> Otherwise a malformed packet could cause a read up to about 40 bytes past
> the end of the packet. The packet would still likely be dropped because
> of checksum verification.
>
> Reported-by: Bhargava Shastry
> Signed-off-by: Ben Pfaff
Oops, thanks for
On Fri, Mar 03, 2017 at 05:00:38PM -0800, Daniele Di Proietto wrote:
> 2017-03-03 14:08 GMT-08:00 Ben Pfaff :
> > Otherwise a malformed packet could cause a read up to about 40 bytes past
> > the end of the packet. The packet would still likely be dropped because
> > of checksum verification.
> >
Hi Ben,
Question regarding patch: Shouldn't the fix be applied in flow extract code
itself? I think the malformedness is evident during flow extraction. Might save
you a few cycles/more secure.
On March 4, 2017 6:18:54 AM GMT+01:00, Ben Pfaff wrote:
>On Fri, Mar 03, 2017 at 05:00:38PM -0800,
What bug do you see in the flow extract code?
On Sat, Mar 04, 2017 at 10:09:26AM +0100, Bhargava Shastry wrote:
> Hi Ben,
>
> Question regarding patch: Shouldn't the fix be applied in flow extract code
> itself? I think the malformedness is evident during flow extraction. Might
> save you a few
My point is "miniflow_extract" has these checks that indicate a failed
parsing attempt for the packets in question. For example,
```C
else if (OVS_LIKELY(nw_proto == IPPROTO_ICMP)) {
if (OVS_LIKELY(size >= ICMP_HEADER_LEN)) {
do_something_with_valid_icmp_packet();
}
// Signaling o
On Sat, Mar 04, 2017 at 08:32:39PM +0100, Bhargava Shastry wrote:
> My point is "miniflow_extract" has these checks that indicate a failed
> parsing attempt for the packets in question. For example,
>
> ```C
> else if (OVS_LIKELY(nw_proto == IPPROTO_ICMP)) {
>if (OVS_LIKELY(size >= ICMP_HEADER