------------------------------------------------------------ revno: 351 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell <[EMAIL PROTECTED]> branch nick: tridge timestamp: Sat 2007-05-26 16:32:32 +1000 message: paranoid checks for bad packets in tcp layer. Close the socket if it gets a bad packet modified: common/ctdb.c ctdb.c-20061127094323-t50f58d65iaao5of-2 tcp/tcp_io.c tcp_io.c-20061128004937-x70q1cu5xzg5g2tm-3 === modified file 'common/ctdb.c' --- a/common/ctdb.c 2007-05-25 07:04:13 +0000 +++ b/common/ctdb.c 2007-05-26 06:32:32 +0000 @@ -347,26 +347,6 @@ ctdb->status.node_packets_recv++; - if (length < sizeof(*hdr)) { - ctdb_set_error(ctdb, "Bad packet length %u\n", length); - return; - } - if (length != hdr->length) { - ctdb_set_error(ctdb, "Bad header length %u expected %u\n", - hdr->length, length); - return; - } - - if (hdr->ctdb_magic != CTDB_MAGIC) { - ctdb_set_error(ctdb, "Non CTDB packet rejected\n"); - return; - } - - if (hdr->ctdb_version != CTDB_VERSION) { - ctdb_set_error(ctdb, "Bad CTDB version 0x%x rejected\n", hdr->ctdb_version); - return; - } - /* up the counter for this source node, so we know its alive */ if (ctdb_validate_vnn(ctdb, hdr->srcnode)) { /* as a special case, redirected calls don't increment the rx_cnt */
=== modified file 'tcp/tcp_io.c' --- a/tcp/tcp_io.c 2007-04-28 09:35:49 +0000 +++ b/tcp/tcp_io.c 2007-05-26 06:32:32 +0000 @@ -34,38 +34,48 @@ void ctdb_tcp_read_cb(uint8_t *data, size_t cnt, void *args) { struct ctdb_incoming *in = talloc_get_type(args, struct ctdb_incoming); - struct ctdb_req_header *hdr; + struct ctdb_req_header *hdr = (struct ctdb_req_header *)data; if (data == NULL) { /* incoming socket has died */ - talloc_free(in); - return; + goto failed; } if (cnt < sizeof(*hdr)) { - ctdb_set_error(in->ctdb, "Bad packet length %u\n", (unsigned)cnt); - return; - } - hdr = (struct ctdb_req_header *)data; + DEBUG(0,(__location__ " Bad packet length %u\n", (unsigned)cnt)); + goto failed; + } + + if (cnt & (CTDB_TCP_ALIGNMENT-1)) { + DEBUG(0,(__location__ " Length 0x%x not multiple of alignment\n", cnt)); + goto failed; + } + + if (cnt != hdr->length) { - ctdb_set_error(in->ctdb, "Bad header length %u expected %u\n", - (unsigned)hdr->length, (unsigned)cnt); - return; + DEBUG(0,(__location__ " Bad header length %u expected %u\n", + (unsigned)hdr->length, (unsigned)cnt)); + goto failed; } if (hdr->ctdb_magic != CTDB_MAGIC) { - ctdb_set_error(in->ctdb, "Non CTDB packet rejected\n"); - return; + DEBUG(0,(__location__ " Non CTDB packet 0x%x rejected\n", + hdr->ctdb_magic)); + goto failed; } if (hdr->ctdb_version != CTDB_VERSION) { - ctdb_set_error(in->ctdb, "Bad CTDB version 0x%x rejected\n", hdr->ctdb_version); - return; + DEBUG(0, (__location__ " Bad CTDB version 0x%x rejected\n", + hdr->ctdb_version)); + goto failed; } - /* most common case - we got a whole packet in one go - tell the ctdb layer above that we have a packet */ + /* tell the ctdb layer above that we have a packet */ in->ctdb->upcalls->recv_pkt(in->ctdb, data, cnt); + return; + +failed: + talloc_free(in); } /*