diff options
author | gVisor bot <gvisor-bot@google.com> | 2019-10-10 22:17:27 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-10-10 22:17:27 +0000 |
commit | a738d4999a26215ac154a4144591a23ca1dd2865 (patch) | |
tree | 4c0ffc5012422ce0ee65781dc33c8bdf7d1e3203 /pkg/tcpip/network/ipv4 | |
parent | f308139cc31cf69ec33b2649a518bfc7f72f068a (diff) | |
parent | c7e901f47a09eaac56bd4813227edff016fa6bff (diff) |
Merge release-20190806.1-262-gc7e901f (automated)
Diffstat (limited to 'pkg/tcpip/network/ipv4')
-rw-r--r-- | pkg/tcpip/network/ipv4/ipv4.go | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/pkg/tcpip/network/ipv4/ipv4.go b/pkg/tcpip/network/ipv4/ipv4.go index 162aa1b4d..fb6358fbb 100644 --- a/pkg/tcpip/network/ipv4/ipv4.go +++ b/pkg/tcpip/network/ipv4/ipv4.go @@ -296,6 +296,7 @@ func (e *endpoint) HandlePacket(r *stack.Route, vv buffer.VectorisedView) { headerView := vv.First() h := header.IPv4(headerView) if !h.IsValid(vv.Size()) { + r.Stats().IP.MalformedPacketsReceived.Increment() return } @@ -306,8 +307,23 @@ func (e *endpoint) HandlePacket(r *stack.Route, vv buffer.VectorisedView) { more := (h.Flags() & header.IPv4FlagMoreFragments) != 0 if more || h.FragmentOffset() != 0 { + if vv.Size() == 0 { + // Drop the packet as it's marked as a fragment but has + // no payload. + r.Stats().IP.MalformedPacketsReceived.Increment() + r.Stats().IP.MalformedFragmentsReceived.Increment() + return + } // The packet is a fragment, let's try to reassemble it. last := h.FragmentOffset() + uint16(vv.Size()) - 1 + // Drop the packet if the fragmentOffset is incorrect. i.e the + // combination of fragmentOffset and vv.size() causes a wrap + // around resulting in last being less than the offset. + if last < h.FragmentOffset() { + r.Stats().IP.MalformedPacketsReceived.Increment() + r.Stats().IP.MalformedFragmentsReceived.Increment() + return + } var ready bool vv, ready = e.fragmentation.Process(hash.IPv4FragmentHash(h), h.FragmentOffset(), last, more, vv) if !ready { |