[pve-devel] applied: [PATCH v2 firewall] fix #2178: endless loop on ipv6 extension headers
Wolfgang Bumiller
w.bumiller at proxmox.com
Thu Apr 18 13:28:29 CEST 2019
applied
On Wed, Apr 17, 2019 at 04:44:16PM +0200, Mira Limbeck wrote:
> increment header and decrement payload size by the extension's size. the
> length calculation is different for some extensions. in our case only
> IPPROTO_FRAGMENT requires a different size calculation than the rest. in
> addition 'proto' is now set in the loop when advancing from an
> extension header. it moves on to the next extension or protocol now
> instead of looping on the same 'proto' while advancing the payload.
>
> Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
> ---
> src/pvefw-logger.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/src/pvefw-logger.c b/src/pvefw-logger.c
> index f77f56f..181d5f1 100644
> --- a/src/pvefw-logger.c
> +++ b/src/pvefw-logger.c
> @@ -575,6 +575,7 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
> return 0;
>
> struct ip6_ext *exthdr = (struct ip6_ext*)hdr;
> + int ext_len = 0;
>
> switch (proto) {
> /* protocols (these return) */
> @@ -601,6 +602,7 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
> return -1;
> if (print_fragment(le, (struct ip6_frag*)hdr, payload_len) < 0)
> return -1;
> + ext_len = sizeof(struct ip6_frag);
> break;
> case IPPROTO_HOPOPTS:
> LEPRINTF("NEXTHDR=HOPOPTS ");
> @@ -628,8 +630,12 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
> /* next header: */
> if (check_ip6ext(le, exthdr, payload_len) < 0)
> return -1;
> - hdr += exthdr->ip6e_len;
> - payload_len -= exthdr->ip6e_len;
> + if(ext_len == 0) {
> + ext_len = (exthdr->ip6e_len+1) * 8;
> + }
> + hdr += ext_len;
> + payload_len -= ext_len;
> + proto = exthdr->ip6e_nxt;
> }
> }
>
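Review bot: The advance at `hdr += ext_len; payload_len -= ext_len;` trusts `ip6e_len` taken from the packet, so an extension header that claims more bytes than remain moves `hdr` past the logged payload and leaves `payload_len` negative before the loop re-enters; what check_ip6ext validates is not visible here, and unless it already compares the full `(ip6e_len+1)*8` against payload_len, add `if (ext_len > payload_len) return -1;` ahead of the two updates. The fragment case pinning ext_len to `sizeof(struct ip6_frag)` matches the fixed 8-byte Fragment header of RFC 8200; if the switch outside this hunk also treats IPPROTO_AH as an extension header, its length is `(ip6e_len + 2) * 4` per RFC 4302 rather than `(ip6e_len + 1) * 8`. A space after `if` in `if(ext_len == 0)` would match the surrounding style. The enclosing loop and the function's entry check lie outside the hunk.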
> --
> 2.11.0