Changeset 66522 in vbox for trunk/src/VBox/Devices/Network/slirp

Timestamp:

Apr 12, 2017 8:48:26 AM (8 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

114530

Message:

Devices/Network/slirp: bugref:8736: additional sanity check

File:

• trunk/src/VBox/Devices/Network/slirp/ip_input.c (modified) (7 diffs)

trunk/src/VBox/Devices/Network/slirp/ip_input.c

@@ -95 +95 @@
     int hlen = 0;
     int mlen = 0;
+    int iplen = 0;
 
     STAM_PROFILE_START(&pData->StatIP_input, a);
@@ -103 +104 @@
 
     ipstat.ips_total++;
-    {
-        int rc;
-        if (!(m->m_flags & M_SKIP_FIREWALL))
-        {
-            STAM_PROFILE_START(&pData->StatALIAS_input, b);
-            rc = LibAliasIn(pData->proxy_alias, mtod(m, char *), m_length(m, NULL));
-            STAM_PROFILE_STOP(&pData->StatALIAS_input, b);
-            Log2(("NAT: LibAlias return %d\n", rc));
-        }
-        else
-            m->m_flags &= ~M_SKIP_FIREWALL;
-
-        /*
-         * XXX: TODO: this is most likely a leftover spooky action at
-         * a distance from alias_dns.c host resolver code and can be
-         * g/c'ed.
-         */
-        if (m->m_len != RT_N2H_U16(ip->ip_len))
-            m->m_len = RT_N2H_U16(ip->ip_len);
-    }
 
     mlen = m->m_len;
@@ -158 +139 @@
     }
 
-    /*
-     * Convert fields to host representation.
-     */
-    NTOHS(ip->ip_len);
-    if (ip->ip_len < hlen)
+    iplen = RT_N2H_U16(ip->ip_len);
+    if (iplen < hlen)
     {
         ipstat.ips_badlen++;
         goto bad_free_m;
     }
-
-    NTOHS(ip->ip_id);
-    NTOHS(ip->ip_off);
 
     /*
@@ -177 +152 @@
      * Drop packet if shorter than we expect.
      */
-    if (mlen < ip->ip_len)
+    if (mlen < iplen)
     {
         ipstat.ips_tooshort++;
@@ -184 +159 @@
 
     /* Should drop packet if mbuf too long? hmmm... */
-    if (mlen > ip->ip_len)
-        m_adj(m, ip->ip_len - mlen);
+    if (mlen > iplen)
+    {
+        m_adj(m, iplen - mlen);
+        mlen = m->m_len;
+    }
 
     /* source must be unicast */
@@ -208 +186 @@
         if (ip->ip_ttl <= 1)
         {
+            /* icmp_error expects these in host order */
+            NTOHS(ip->ip_len);
+            NTOHS(ip->ip_id);
+            NTOHS(ip->ip_off);
+
             icmp_error(pData, m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, 0, "ttl");
             goto no_free_m;
@@ -227 +210 @@
     }
 
+    /* run it through libalias */
+    {
+        int rc;
+        if (!(m->m_flags & M_SKIP_FIREWALL))
+        {
+            STAM_PROFILE_START(&pData->StatALIAS_input, b);
+            rc = LibAliasIn(pData->proxy_alias, mtod(m, char *), mlen);
+            STAM_PROFILE_STOP(&pData->StatALIAS_input, b);
+            Log2(("NAT: LibAlias return %d\n", rc));
+        }
+        else
+            m->m_flags &= ~M_SKIP_FIREWALL;
+
+#if 0 /* disabled: no module we use does it in this direction */
+        /*
+         * XXX: spooky action at a distance - libalias may modify the
+         * packet and will update ip_len to reflect the new length.
+         */
+        if (iplen != RT_N2H_U16(ip->ip_len))
+        {
+            iplen = RT_N2H_U16(ip->ip_len);
+            m->m_len = iplen;
+            mlen = m->m_len;
+        }
+#endif
+    }
+
+    /*
+     * Convert fields to host representation.
+     */
+    NTOHS(ip->ip_len);
+    NTOHS(ip->ip_id);
+    NTOHS(ip->ip_off);
 
     /*