ip: reassembly: drop zero length fragments

Zero length fragments are invalid and should be dropped. This patch adds
that.

Type: improvement
Change-Id: Ic6466c39ca8bf376efe06bb3b7f5d7f1ae812866
Signed-off-by: Klement Sekera <ksekera@cisco.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/src/vnet/ip/reass/ip6_full_reass.c b/src/vnet/ip/reass/ip6_full_reass.c
index fc7fa180ab0..c9509e3345e 100644
--- a/src/vnet/ip/reass/ip6_full_reass.c
+++ b/src/vnet/ip/reass/ip6_full_reass.c
@@ -41,6 +41,7 @@ typedef enum
   IP6_FULL_REASS_RC_TOO_MANY_FRAGMENTS,
   IP6_FULL_REASS_RC_NO_BUF,
   IP6_FULL_REASS_RC_HANDOFF,
+  IP6_FULL_REASS_RC_INVALID_FRAG_LEN,
 } ip6_full_reass_rc_t;
 
 typedef struct
@@ -888,6 +889,10 @@ ip6_full_reass_update (vlib_main_t *vm, vlib_node_runtime_t *node,
   u32 fragment_length =
     vlib_buffer_length_in_chain (vm, fb) -
     (fvnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
+  if (0 == fragment_length)
+    {
+      return IP6_FULL_REASS_RC_INVALID_FRAG_LEN;
+    }
   u32 fragment_last = fvnb->ip.reass.fragment_last =
     fragment_first + fragment_length - 1;
   int more_fragments = ip6_frag_hdr_more (frag_hdr);
@@ -1207,6 +1212,9 @@ ip6_full_reassembly_inline (vlib_main_t * vm,
 		case IP6_FULL_REASS_RC_INTERNAL_ERROR:
 		  counter = IP6_ERROR_REASS_INTERNAL_ERROR;
 		  break;
+		case IP6_FULL_REASS_RC_INVALID_FRAG_LEN:
+		  counter = IP6_ERROR_REASS_INVALID_FRAG_LEN;
+		  break;
 		}
 	      if (~0 != counter)
 		{