From 1805876e50b89816581dac16d7283bd130b84c72 Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Tue, 10 Aug 2010 11:38:55 -0700 Subject: [PATCH] dpif-netdev: Tolerate undersized packets. Actions that modify packets need to tolerate packets that are too small. Most of the actions already implicitly do this check, since they check for appropriate values in the flow key that would only be there if the corresponding data was present. But actions to modify the Ethernet header didn't have a guarantee that the packet was at least 14 bytes long, and actions to modify the VLAN didn't have such a guarantee either, so this adds appropriate checks. Problem found by code inspection. --- lib/dpif-netdev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 3c22e6dc1..ec971b139 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -1017,6 +1017,9 @@ dp_netdev_port_input(struct dp_netdev *dp, struct dp_netdev_port *port, struct dp_netdev_flow *flow; flow_t key; + if (packet->size < ETH_HEADER_LEN) { + return; + } if (flow_extract(packet, 0, port->port_no, &key) && dp->drop_frags) { dp->n_frags++; return; @@ -1117,7 +1120,8 @@ static void dp_netdev_strip_vlan(struct ofpbuf *packet) { struct vlan_eth_header *veh = packet->l2; - if (veh->veth_type == htons(ETH_TYPE_VLAN)) { + if (packet->size >= sizeof *veh + && veh->veth_type == htons(ETH_TYPE_VLAN)) { struct eth_header tmp; memcpy(tmp.eth_dst, veh->veth_dst, ETH_ADDR_LEN); -- 2.43.0