VirtualBox

Changeset 90196 in vbox for trunk/include


Ignore:
Timestamp:
Jul 14, 2021 8:00:10 PM (4 years ago)
Author:
vboxsync
Message:

Network: (bugref:10024) GSO UDP header fixes.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/VBox/vmm/pdmnetinline.h

    r90175 r90196  
    144144    { /* likely */ } else return false;
    145145    if (RT_LIKELY( cbFrame - pGso->cbHdrsTotal >= pGso->cbMaxSeg ))
     146    { /* likely */ } else return false;
     147
     148    /* Make sure the segment size is enough to fit a UDP header. */
     149    if (RT_LIKELY(enmType != PDMNETWORKGSOTYPE_IPV4_UDP || pGso->cbMaxSeg >= RTNETUDP_MIN_LEN))
    146150    { /* likely */ } else return false;
    147151
     
    450454        case PDMNETWORKGSOTYPE_IPV4_UDP:
    451455            if (iSeg == 0)
     456            {
     457                /* uh_ulen shall not exceed cbFrame - pGso->offHdr2 (offset of UDP header) */
     458                PRTNETUDP pUdpHdr = (PRTNETUDP)&pbFrame[pGso->offHdr2];
     459                Assert(pGso->offHdr2 + RT_UOFFSET_AFTER(RTNETUDP, uh_ulen) <= cbFrame);
     460                if ((unsigned)(pGso->offHdr2 + RT_BE2H_U16(pUdpHdr->uh_ulen)) > cbFrame)
     461                {
     462                    size_t cbUdp = cbFrame - pGso->offHdr2;
     463                    if (cbUdp >= UINT16_MAX)
     464                        pUdpHdr->uh_ulen = UINT16_MAX;
     465                    else
     466                        pUdpHdr->uh_ulen = RT_H2BE_U16((uint16_t)cbUdp);
     467                }
     468                /* uh_ulen shall be at least the size of UDP header */
     469                if (RT_BE2H_U16(pUdpHdr->uh_ulen) < sizeof(RTNETUDP))
     470                    pUdpHdr->uh_ulen = RT_H2BE_U16(sizeof(RTNETUDP));
    452471                pdmNetGsoUpdateUdpHdrUfo(RTNetIPv4PseudoChecksum((PRTNETIPV4)&pbFrame[pGso->offHdr1]),
    453472                                         pbSegHdrs, pbFrame, pGso->offHdr2);
     473            }
    454474            pdmNetGsoUpdateIPv4HdrUfo(pbSegHdrs, pGso->offHdr1, cbSegPayload, iSeg * pGso->cbMaxSeg,
    455475                                      pdmNetSegHdrLen(pGso, iSeg), iSeg + 1 == cSegs);
     
    560580                        pUdpHdr->uh_ulen = RT_H2BE_U16((uint16_t)cbUdp);
    561581                }
     582                /* uh_ulen shall be at least the size of UDP header */
     583                if (RT_BE2H_U16(pUdpHdr->uh_ulen) < sizeof(RTNETUDP))
     584                    pUdpHdr->uh_ulen = RT_H2BE_U16(sizeof(RTNETUDP));
    562585                pdmNetGsoUpdateUdpHdrUfo(RTNetIPv4PseudoChecksum((PRTNETIPV4)&pbFrame[pGso->offHdr1]),
    563586                                         pbSegHdrs, pbFrame, pGso->offHdr2);
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette