nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gluon-radv-filterd: Check for recvfrom errors

Browse Source 
The recvfrom can fail and return -1. The caller must check for this error
to avoid that it reads uninitialized data from pkt.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
This commit is contained in:
Sven Eckelmann 2017-12-20 12:29:24 +01:00 committed by Jan-Philipp Litza
parent 3c8b9fd281
commit 1633c7c005
No known key found for this signature in database
GPG Key ID: 1FB658053CE27196
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
package/gluon-radv-filterd/src/gluon-radv-filterd.c
View File

@ -319,16 +319,17 @@ static void handle_ra(int sock) {
struct sockaddr_ll src; struct sockaddr_ll src;
struct ether_addr mac; struct ether_addr mac;
unsigned int addr_size = sizeof(src); unsigned int addr_size = sizeof(src);
size_t len; ssize_t len;
struct { struct {
struct ip6_hdr ip6; struct ip6_hdr ip6;
struct nd_router_advert ra; struct nd_router_advert ra;
} pkt; } pkt;
len = recvfrom(sock, &pkt, sizeof(pkt), 0, (struct sockaddr *)&src, &addr_size); len = recvfrom(sock, &pkt, sizeof(pkt), 0, (struct sockaddr *)&src, &addr_size);
CHECK(len >= 0);
// BPF already checked that this is an ICMPv6 RA of a default router // BPF already checked that this is an ICMPv6 RA of a default router
CHECK(len >= sizeof(pkt)); CHECK((size_t)len >= sizeof(pkt));
CHECK(ntohs(pkt.ip6.ip6_plen) + sizeof(struct ip6_hdr) >= sizeof(pkt)); CHECK(ntohs(pkt.ip6.ip6_plen) + sizeof(struct ip6_hdr) >= sizeof(pkt));
memcpy(&mac, src.sll_addr, sizeof(mac)); memcpy(&mac, src.sll_addr, sizeof(mac));