diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-04-24 00:33:56 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-04-24 00:33:56 +0000 |
commit | c860716ef867306f28feccf25ab9c0066e3c5ffb (patch) | |
tree | 02ef0516b5fea1e5be8723d1c1999aa22f145282 /pkg/sentry | |
parent | 4b90fa57811fd8ad60e10cfe8fa0fca9edb7522c (diff) | |
parent | eccae0f77d3708d591119488f427eca90de7c711 (diff) |
Merge release-20200323.0-227-geccae0f (automated)
Diffstat (limited to 'pkg/sentry')
-rwxr-xr-x | pkg/sentry/socket/netfilter/tcp_matcher.go | 5 | ||||
-rwxr-xr-x | pkg/sentry/socket/netfilter/udp_matcher.go | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/pkg/sentry/socket/netfilter/tcp_matcher.go b/pkg/sentry/socket/netfilter/tcp_matcher.go index ff1cfd8f6..55c0f04f3 100755 --- a/pkg/sentry/socket/netfilter/tcp_matcher.go +++ b/pkg/sentry/socket/netfilter/tcp_matcher.go @@ -121,12 +121,13 @@ func (tm *TCPMatcher) Match(hook stack.Hook, pkt stack.PacketBuffer, interfaceNa tcpHeader = header.TCP(pkt.TransportHeader) } else { // The TCP header hasn't been parsed yet. We have to do it here. - if len(pkt.Data.First()) < header.TCPMinimumSize { + hdr, ok := pkt.Data.PullUp(header.TCPMinimumSize) + if !ok { // There's no valid TCP header here, so we hotdrop the // packet. return false, true } - tcpHeader = header.TCP(pkt.Data.First()) + tcpHeader = header.TCP(hdr) } // Check whether the source and destination ports are within the diff --git a/pkg/sentry/socket/netfilter/udp_matcher.go b/pkg/sentry/socket/netfilter/udp_matcher.go index 3359418c1..04d03d494 100755 --- a/pkg/sentry/socket/netfilter/udp_matcher.go +++ b/pkg/sentry/socket/netfilter/udp_matcher.go @@ -120,12 +120,13 @@ func (um *UDPMatcher) Match(hook stack.Hook, pkt stack.PacketBuffer, interfaceNa udpHeader = header.UDP(pkt.TransportHeader) } else { // The UDP header hasn't been parsed yet. We have to do it here. - if len(pkt.Data.First()) < header.UDPMinimumSize { + hdr, ok := pkt.Data.PullUp(header.UDPMinimumSize) + if !ok { // There's no valid UDP header here, so we hotdrop the // packet. return false, true } - udpHeader = header.UDP(pkt.Data.First()) + udpHeader = header.UDP(hdr) } // Check whether the source and destination ports are within the |