
Changeset 47506 in vbox


Timestamp:
Aug 1, 2013 12:08:51 PM (11 years ago)
Author:
vboxsync
Message:

NAT: Drop oversized frames coming from guest (#6821)

Location:
trunk/src/VBox/Devices/Network
Files:
2 edited

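--- a/trunk/src/VBox/Devices/Network/DrvNAT.cpp
+++ b/trunk/src/VBox/Devices/Network/DrvNAT.cpp
@@ -60,4 +60,6 @@
 *   Defined Constants And Macros                                               *
 *******************************************************************************/
+
+#define DRVNAT_MAXFRAMESIZE (16 * 1024)
 
 /**
@@ -466,4 +468,14 @@
     if (!pGso)
     {
+        /*
+         * Drop the frame if it is too big.
+         */
+        if (cbMin >= DRVNAT_MAXFRAMESIZE)
+        {
+            Log(("drvNATNetowrkUp_AllocBuf: drops over-sized frame (%u bytes), returns VERR_INVALID_PARAMETER\n",
+                 cbMin));
+            return VERR_INVALID_PARAMETER;
+        }
+
         pSgBuf->pvUser      = NULL;
         pSgBuf->pvAllocator = slirp_ext_m_get(pThis->pNATState, cbMin,
@@ -477,4 +489,14 @@
     else
     {
+        /*
+         * Drop the frame if its segment is too big.
+         */
+        if (pGso->cbHdrsTotal + pGso->cbMaxSeg >= DRVNAT_MAXFRAMESIZE)
+        {
+            Log(("drvNATNetowrkUp_AllocBuf: drops over-sized frame (%u bytes), returns VERR_INVALID_PARAMETER\n",
+                 pGso->cbHdrsTotal + pGso->cbMaxSeg));
+            return VERR_INVALID_PARAMETER;
+        }
+
         pSgBuf->pvUser      = RTMemDup(pGso, sizeof(*pGso));
         pSgBuf->pvAllocator = NULL;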
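Review bot: In the GSO branch the new check bounds only `pGso->cbHdrsTotal + pGso->cbMaxSeg`, so the guest-supplied total `cbMin` stays unbounded in the lines visible here. If the buffer allocated further down in this branch is sized from `cbMin` (that code is outside the hunk), a guest can still request an arbitrarily large host allocation. Consider a second upper bound before the `RTMemDup` call, of the form `if (cbMin > <max GSO frame size>) return VERR_INVALID_PARAMETER;`, with the limit as a new named constant next to `DRVNAT_MAXFRAMESIZE`. Both log strings spell the function name `drvNATNetowrkUp_AllocBuf`, which looks like a typo and makes the drop message harder to search for. A rate-limited release-log entry would make these drops visible outside debug builds.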
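--- a/trunk/src/VBox/Devices/Network/slirp/ip_icmp.c
+++ b/trunk/src/VBox/Devices/Network/slirp/ip_icmp.c
@@ -613,4 +613,5 @@
     register struct icmp *icp;
     register struct mbuf *m;
+    int new_ip_size = 0;
     int new_m_size = 0;
     int size = 0;
@@ -653,5 +654,6 @@
     }
 
-    new_m_size = sizeof(struct ip) + ICMP_MINLEN + msrc->m_len + ICMP_MAXDATALEN;
+    new_ip_size = sizeof(struct ip) + ICMP_MINLEN + ICMP_MAXDATALEN;
+    new_m_size = if_maxlinkhdr + new_ip_size;
     if (new_m_size < MSIZE)
         size = MCLBYTES;
@@ -671,6 +673,6 @@
     m->m_pkthdr.header = mtod(m, void *);
 
-    memcpy(m->m_data, msrc->m_data, msrc->m_len);
-    m->m_len = msrc->m_len;                /* copy msrc to m */
+    m->m_len = msrc->m_len < new_ip_size ? msrc->m_len : new_ip_size;
+    memcpy(m->m_data, msrc->m_data, m->m_len);   /* copy msrc to m */
 
     /* make the header of the reply packet */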
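Review bot: The clamp on `m->m_len` in the last hunk is computed in signed `int`, so it caps only the upper end. If `msrc->m_len` were ever negative (its type is declared outside the hunk), the ternary would select it and `memcpy` would receive it converted to a very large `size_t`. A guard such as `if (msrc->m_len < 0) goto end_error;` (using whatever error exit the function already has), or doing the comparison on unsigned values, would close that. The bound also assumes that the mbuf obtained between the second and third hunks, which is not shown, really provides `new_ip_size` bytes at `m->m_data`; an assertion beside the copy would record that dependency. The trailing comment could state the truncation explicitly: `/* copy msrc to m, truncated to what the reply can carry */`.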