summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2020-04-24 00:33:56 +0000
committergVisor bot <gvisor-bot@google.com>2020-04-24 00:33:56 +0000
commitc860716ef867306f28feccf25ab9c0066e3c5ffb (patch)
tree02ef0516b5fea1e5be8723d1c1999aa22f145282 /pkg/sentry
parent4b90fa57811fd8ad60e10cfe8fa0fca9edb7522c (diff)
parenteccae0f77d3708d591119488f427eca90de7c711 (diff)
Merge release-20200323.0-227-geccae0f (automated)
Diffstat (limited to 'pkg/sentry')
-rwxr-xr-xpkg/sentry/socket/netfilter/tcp_matcher.go5
-rwxr-xr-xpkg/sentry/socket/netfilter/udp_matcher.go5
2 files changed, 6 insertions, 4 deletions
diff --git a/pkg/sentry/socket/netfilter/tcp_matcher.go b/pkg/sentry/socket/netfilter/tcp_matcher.go
index ff1cfd8f6..55c0f04f3 100755
--- a/pkg/sentry/socket/netfilter/tcp_matcher.go
+++ b/pkg/sentry/socket/netfilter/tcp_matcher.go
@@ -121,12 +121,13 @@ func (tm *TCPMatcher) Match(hook stack.Hook, pkt stack.PacketBuffer, interfaceNa
tcpHeader = header.TCP(pkt.TransportHeader)
} else {
// The TCP header hasn't been parsed yet. We have to do it here.
- if len(pkt.Data.First()) < header.TCPMinimumSize {
+ hdr, ok := pkt.Data.PullUp(header.TCPMinimumSize)
+ if !ok {
// There's no valid TCP header here, so we hotdrop the
// packet.
return false, true
}
- tcpHeader = header.TCP(pkt.Data.First())
+ tcpHeader = header.TCP(hdr)
}
// Check whether the source and destination ports are within the
diff --git a/pkg/sentry/socket/netfilter/udp_matcher.go b/pkg/sentry/socket/netfilter/udp_matcher.go
index 3359418c1..04d03d494 100755
--- a/pkg/sentry/socket/netfilter/udp_matcher.go
+++ b/pkg/sentry/socket/netfilter/udp_matcher.go
@@ -120,12 +120,13 @@ func (um *UDPMatcher) Match(hook stack.Hook, pkt stack.PacketBuffer, interfaceNa
udpHeader = header.UDP(pkt.TransportHeader)
} else {
// The UDP header hasn't been parsed yet. We have to do it here.
- if len(pkt.Data.First()) < header.UDPMinimumSize {
+ hdr, ok := pkt.Data.PullUp(header.UDPMinimumSize)
+ if !ok {
// There's no valid UDP header here, so we hotdrop the
// packet.
return false, true
}
- udpHeader = header.UDP(pkt.Data.First())
+ udpHeader = header.UDP(hdr)
}
// Check whether the source and destination ports are within the