mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-23 01:49:53 +03:00
Proto_OpenVPN.c: improve OvsProcessData(), fix out-of-bounds access found by Coverity
Coverity Scan detected an out-of-bounds access issue: OvsProcessData() checked whether the payload size was bigger than the size of the buffer, instead of checking whether the entire packet size (payload size + 2 bytes) was, resulting in an out-of-bounds access in case the payload size is bigger than 1998. This commit also improves the variable names, the comments and adds two Debug() lines.
This commit is contained in:
parent
7349c4b16a
commit
5d73cd878f
@ -95,45 +95,42 @@ bool OvsProcessData(void *param, TCP_RAW_DATA *received_data, FIFO *data_to_send
|
|||||||
while (true)
|
while (true)
|
||||||
{
|
{
|
||||||
UDPPACKET *packet;
|
UDPPACKET *packet;
|
||||||
UCHAR *packet_ptr;
|
USHORT payload_size, packet_size;
|
||||||
UINT packet_size, total_packet_size;
|
FIFO *fifo = received_data->Data;
|
||||||
FIFO *recv_fifo = received_data->Data;
|
const UINT fifo_size = FifoSize(fifo);
|
||||||
const UINT data_size = FifoSize(recv_fifo);
|
|
||||||
|
|
||||||
if (data_size < sizeof(USHORT))
|
if (fifo_size < sizeof(USHORT))
|
||||||
{
|
{
|
||||||
// Corrupt data
|
// Non-arrival
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_size = READ_USHORT(FifoPtr(recv_fifo));
|
// The beginning of a packet contains the data size
|
||||||
|
payload_size = READ_USHORT(FifoPtr(fifo));
|
||||||
|
packet_size = payload_size + sizeof(USHORT);
|
||||||
|
|
||||||
if (packet_size == 0 || packet_size > sizeof(buf))
|
if (payload_size == 0 || packet_size > sizeof(buf))
|
||||||
{
|
{
|
||||||
// Invalid packet size
|
|
||||||
ret = false;
|
ret = false;
|
||||||
|
Debug("OvsProcessData(): Invalid payload size: %u bytes\n", payload_size);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
total_packet_size = packet_size + sizeof(USHORT);
|
if (fifo_size < packet_size)
|
||||||
|
|
||||||
if (data_size < total_packet_size)
|
|
||||||
{
|
{
|
||||||
// Corrupt data
|
// Non-arrival
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ReadFifo(recv_fifo, buf, total_packet_size) != total_packet_size)
|
if (ReadFifo(fifo, buf, packet_size) != packet_size)
|
||||||
{
|
{
|
||||||
// Mismatch
|
|
||||||
ret = false;
|
ret = false;
|
||||||
|
Debug("OvsProcessData(): ReadFifo() failed to read the packet\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Read one packet and put it in the list
|
// Insert packet into the list
|
||||||
packet_ptr = buf + sizeof(USHORT);
|
packet = NewUdpPacket(&received_data->SrcIP, received_data->SrcPort, &received_data->DstIP, received_data->DstPort, Clone(buf + sizeof(USHORT), payload_size), payload_size);
|
||||||
|
|
||||||
packet = NewUdpPacket(&received_data->SrcIP, received_data->SrcPort, &received_data->DstIP, received_data->DstPort, Clone(packet_ptr, packet_size), packet_size);
|
|
||||||
packet->Type = OPENVPN_PROTOCOL_TCP;
|
packet->Type = OPENVPN_PROTOCOL_TCP;
|
||||||
Add(server->RecvPacketList, packet);
|
Add(server->RecvPacketList, packet);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user