1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-26 11:29:53 +03:00

Merge PR #1020: Proto_OpenVPN.c: improve OvsProcessData(), fix out-of-bounds access found by Coverity

This commit is contained in:
Davide Beatrici 2019-10-27 09:37:11 +01:00 committed by GitHub
commit 1e835e7ec2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -95,45 +95,42 @@ bool OvsProcessData(void *param, TCP_RAW_DATA *received_data, FIFO *data_to_send
while (true) while (true)
{ {
UDPPACKET *packet; UDPPACKET *packet;
UCHAR *packet_ptr; USHORT payload_size, packet_size;
UINT packet_size, total_packet_size; FIFO *fifo = received_data->Data;
FIFO *recv_fifo = received_data->Data; const UINT fifo_size = FifoSize(fifo);
const UINT data_size = FifoSize(recv_fifo);
if (data_size < sizeof(USHORT)) if (fifo_size < sizeof(USHORT))
{ {
// Corrupt data // Non-arrival
break; break;
} }
packet_size = READ_USHORT(FifoPtr(recv_fifo)); // The beginning of a packet contains the data size
payload_size = READ_USHORT(FifoPtr(fifo));
packet_size = payload_size + sizeof(USHORT);
if (packet_size == 0 || packet_size > sizeof(buf)) if (payload_size == 0 || packet_size > sizeof(buf))
{ {
// Invalid packet size
ret = false; ret = false;
Debug("OvsProcessData(): Invalid payload size: %u bytes\n", payload_size);
break; break;
} }
total_packet_size = packet_size + sizeof(USHORT); if (fifo_size < packet_size)
if (data_size < total_packet_size)
{ {
// Corrupt data // Non-arrival
break; break;
} }
if (ReadFifo(recv_fifo, buf, total_packet_size) != total_packet_size) if (ReadFifo(fifo, buf, packet_size) != packet_size)
{ {
// Mismatch
ret = false; ret = false;
Debug("OvsProcessData(): ReadFifo() failed to read the packet\n");
break; break;
} }
// Read one packet and put it in the list // Insert packet into the list
packet_ptr = buf + sizeof(USHORT); packet = NewUdpPacket(&received_data->SrcIP, received_data->SrcPort, &received_data->DstIP, received_data->DstPort, Clone(buf + sizeof(USHORT), payload_size), payload_size);
packet = NewUdpPacket(&received_data->SrcIP, received_data->SrcPort, &received_data->DstIP, received_data->DstPort, Clone(packet_ptr, packet_size), packet_size);
packet->Type = OPENVPN_PROTOCOL_TCP; packet->Type = OPENVPN_PROTOCOL_TCP;
Add(server->RecvPacketList, packet); Add(server->RecvPacketList, packet);
} }