diff options
author | Klement Sekera <ksekera@cisco.com> | 2019-03-06 11:59:57 +0100 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2019-10-03 16:11:41 +0000 |
commit | 35a265ceaef4af68e4d1d817447b0b895176a6ff (patch) | |
tree | 45884086bdf037a1c87adebc515a03d1ebcad101 /src/vnet/ip/ip6_packet.h | |
parent | 09c91fe62775817a143a491ed999ddec30b8042b (diff) |
ip: respect buffer boundary when searching for ipv6 headers
Type: fix
Change-Id: I5a5461652f8115fa1270e20f748178fb5f5450f2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
(cherry picked from commit 769145cdbc28324bd0b6304951199ec3d6e0e883)
Diffstat (limited to 'src/vnet/ip/ip6_packet.h')
-rw-r--r-- | src/vnet/ip/ip6_packet.h | 104 |
1 files changed, 74 insertions, 30 deletions
diff --git a/src/vnet/ip/ip6_packet.h b/src/vnet/ip/ip6_packet.h index c1bd2aa3bf7..ed96ece1e7f 100644 --- a/src/vnet/ip/ip6_packet.h +++ b/src/vnet/ip/ip6_packet.h @@ -510,6 +510,7 @@ typedef CLIB_PACKED (struct { /* Length of this header plus option data in 8 byte units. */ u8 n_data_u64s; }) ip6_ext_header_t; +/* *INDENT-ON* */ #define foreach_ext_hdr_type \ _(IP6_HOP_BY_HOP_OPTIONS) \ @@ -522,12 +523,13 @@ typedef CLIB_PACKED (struct { _(HIP) \ _(SHIM6) -always_inline u8 ip6_ext_hdr(u8 nexthdr) +always_inline u8 +ip6_ext_hdr (u8 nexthdr) { #ifdef CLIB_HAVE_VEC128 static const u8x16 ext_hdr_types = { #define _(x) IP_PROTOCOL_##x, - foreach_ext_hdr_type + foreach_ext_hdr_type #undef _ }; @@ -536,9 +538,9 @@ always_inline u8 ip6_ext_hdr(u8 nexthdr) /* * find out if nexthdr is an extension header or a protocol */ - return 0 + return 0 #define _(x) || (nexthdr == IP_PROTOCOL_##x) - foreach_ext_hdr_type; + foreach_ext_hdr_type; #undef _ #endif } @@ -547,37 +549,79 @@ always_inline u8 ip6_ext_hdr(u8 nexthdr) #define ip6_ext_authhdr_len(p) ((((ip6_ext_header_t *)(p))->n_data_u64s+2) << 2) always_inline void * -ip6_ext_next_header (ip6_ext_header_t *ext_hdr ) -{ return (void *)((u8 *) ext_hdr + ip6_ext_header_len(ext_hdr)); } +ip6_ext_next_header (ip6_ext_header_t * ext_hdr) +{ + return (void *) ((u8 *) ext_hdr + ip6_ext_header_len (ext_hdr)); +} + +always_inline int +vlib_object_within_buffer_data (vlib_main_t * vm, vlib_buffer_t * b, + void *obj, size_t len) +{ + u8 *o = obj; + if (o < b->data || + o + len > b->data + vlib_buffer_get_default_data_size (vm)) + return 0; + return 1; +} /* - * Macro to find the IPv6 ext header of type t - * I is the IPv6 header - * P is the previous IPv6 ext header (NULL if none) - * M is the matched IPv6 ext header of type t + * find ipv6 extension header within ipv6 header within buffer b + * + * @param vm + * @param b buffer to limit search to + * @param ip6_header ipv6 header + * @param header_type extension header type to search for + * @param[out] prev_ext_header address of header preceding found header */ -#define ip6_ext_header_find_t(i, p, m, t) \ -if ((i)->protocol == t) \ -{ \ - (m) = (void *)((i)+1); \ - (p) = NULL; \ -} \ -else \ -{ \ - (m) = NULL; \ - (p) = (void *)((i)+1); \ - while (ip6_ext_hdr((p)->next_hdr) && \ - ((ip6_ext_header_t *)(p))->next_hdr != (t)) \ - { \ - (p) = ip6_ext_next_header((p)); \ - } \ - if ( ((p)->next_hdr) == (t)) \ - { \ - (m) = (void *)(ip6_ext_next_header((p))); \ - } \ +always_inline void * +ip6_ext_header_find (vlib_main_t * vm, vlib_buffer_t * b, + ip6_header_t * ip6_header, u8 header_type, + ip6_ext_header_t ** prev_ext_header) +{ + ip6_ext_header_t *prev = NULL; + ip6_ext_header_t *result = NULL; + if ((ip6_header)->protocol == header_type) + { + result = (void *) (ip6_header + 1); + if (!vlib_object_within_buffer_data (vm, b, result, + ip6_ext_header_len (result))) + { + result = NULL; + } + } + else + { + result = NULL; + prev = (void *) (ip6_header + 1); + while (ip6_ext_hdr (prev->next_hdr) && prev->next_hdr != header_type) + { + prev = ip6_ext_next_header (prev); + if (!vlib_object_within_buffer_data (vm, b, prev, + ip6_ext_header_len (prev))) + { + prev = NULL; + break; + } + } + if (prev && (prev->next_hdr == header_type)) + { + result = ip6_ext_next_header (prev); + if (!vlib_object_within_buffer_data (vm, b, result, + ip6_ext_header_len (result))) + { + result = NULL; + } + } + } + if (prev_ext_header) + { + *prev_ext_header = prev; + } + return result; } - +/* *INDENT-OFF* */ typedef CLIB_PACKED (struct { u8 next_hdr; /* Length of this header plus option data in 8 byte units. */ |