summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ping.c
diff options
context:
space:
mode:
authorAndrew Yourtchenko <ayourtch@gmail.com>2017-01-28 15:31:19 +0000
committerNeale Ranns <nranns@cisco.com>2017-01-30 19:52:53 +0000
commit61459c9be0f620f738cf049b1b33e1a2d13dc9a6 (patch)
tree21932acc828c09e8b9b00ed1d8587d2b94a45224 /src/vnet/ip/ping.c
parentd03798c4eb860c30945c4ce881d2889a43ed4a93 (diff)
VPP-621: ping: ICMP echo data size must be bounded by VLIB_BUFFER_DATA_SIZE minus headers.
Before the commit 878c6098 the VLIB_BUFFER_DATA_SIZE was different depending on whether building "vpp" or "vpp_lite", resulting in an overrun in vpp_lite build. Avoid the hardcoded value and make the upper bound for ICMP echo data size dependent on the buffer size. Change-Id: Id6c4d7fc73766a95af2610eb237881b5fe9ce9aa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/vnet/ip/ping.c')
-rw-r--r--src/vnet/ip/ping.c30
1 files changed, 21 insertions, 9 deletions
diff --git a/src/vnet/ip/ping.c b/src/vnet/ip/ping.c
index 88882629426..00e2bfb18e2 100644
--- a/src/vnet/ip/ping.c
+++ b/src/vnet/ip/ping.c
@@ -13,6 +13,7 @@
* limitations under the License.
*/
+#include <stddef.h>
#include <vnet/ip/ping.h>
#include <vnet/fib/ip6_fib.h>
#include <vnet/fib/ip4_fib.h>
@@ -243,15 +244,10 @@ init_icmp46_echo_request (icmp46_echo_request_t * icmp46_echo,
icmp46_echo->seq = clib_host_to_net_u16 (seq_host);
icmp46_echo->id = clib_host_to_net_u16 (id_host);
- for (i = 0; i < sizeof (icmp46_echo->data); i++)
- {
- icmp46_echo->data[i] = i % 256;
- }
-
- if (data_len > sizeof (icmp46_echo_request_t))
- {
- data_len = sizeof (icmp46_echo_request_t);
- }
+ if (data_len > PING_MAXIMUM_DATA_SIZE)
+ data_len = PING_MAXIMUM_DATA_SIZE;
+ for (i = 0; i < data_len; i++)
+ icmp46_echo->data[i] = i % 256;
return data_len;
}
@@ -267,11 +263,15 @@ send_ip6_ping (vlib_main_t * vm, ip6_main_t * im,
vlib_buffer_t *p0;
vlib_frame_t *f;
u32 *to_next;
+ vlib_buffer_free_list_t *fl;
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
return SEND_PING_ALLOC_FAIL;
p0 = vlib_get_buffer (vm, bi0);
+ fl = vlib_buffer_get_free_list (vm, VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX);
+ vlib_buffer_init_for_free_list (p0, fl);
+ VLIB_BUFFER_TRACE_TRAJECTORY_INIT (p0);
/*
* if the user did not provide a source interface, use the any interface
@@ -376,11 +376,15 @@ send_ip4_ping (vlib_main_t * vm,
vlib_frame_t *f;
u32 *to_next;
u32 if_add_index0;
+ vlib_buffer_free_list_t *fl;
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
return SEND_PING_ALLOC_FAIL;
p0 = vlib_get_buffer (vm, bi0);
+ fl = vlib_buffer_get_free_list (vm, VLIB_BUFFER_DEFAULT_FREE_LIST_INDEX);
+ vlib_buffer_init_for_free_list (p0, fl);
+ VLIB_BUFFER_TRACE_TRAJECTORY_INIT (p0);
/*
* if the user did not provide a source interface, use the any interface
@@ -759,6 +763,14 @@ ping_ip_address (vlib_main_t * vm,
format_unformat_error, input);
goto done;
}
+ if (data_len > PING_MAXIMUM_DATA_SIZE)
+ {
+ error =
+ clib_error_return (0,
+ "%d is bigger than maximum allowed payload size %d",
+ data_len, PING_MAXIMUM_DATA_SIZE);
+ goto done;
+ }
}
else if (unformat (input, "table-id"))
{