|
|
@@ -0,0 +1,45 @@
|
|
|
+From 737925113363b6130879729cdff9ccc46c33eaea Mon Sep 17 00:00:00 2001
|
|
|
+From: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
+Date: Mon, 19 Oct 2020 21:08:16 +0200
|
|
|
+Subject: [PATCH] receive: fix buffer leak when receiving invalid packets
|
|
|
+
|
|
|
+For fastd versions before v20, this was just a memory leak (which could
|
|
|
+still be used for DoS, as it's remotely triggerable). With the new
|
|
|
+buffer management of fastd v20, this will trigger an assertion failure
|
|
|
+instead as soon as the buffer pool is empty.
|
|
|
+
|
|
|
+[Retrieved from:
|
|
|
+https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea]
|
|
|
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
|
+---
|
|
|
+ src/receive.c | 10 ++++++++++
|
|
|
+ 1 file changed, 10 insertions(+)
|
|
|
+
|
|
|
+diff --git a/src/receive.c b/src/receive.c
|
|
|
+index 043c9f2..6bca9f4 100644
|
|
|
+--- a/src/receive.c
|
|
|
++++ b/src/receive.c
|
|
|
+@@ -169,6 +169,11 @@ static inline void handle_socket_receive_known(
|
|
|
+
|
|
|
+ case PACKET_HANDSHAKE:
|
|
|
+ fastd_handshake_handle(sock, local_addr, remote_addr, peer, buffer);
|
|
|
++ break;
|
|
|
++
|
|
|
++ default:
|
|
|
++ fastd_buffer_free(buffer);
|
|
|
++ pr_debug("received packet with invalid type from %P[%I]", peer, remote_addr);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+@@ -195,6 +200,11 @@ static inline void handle_socket_receive_unknown(
|
|
|
+
|
|
|
+ case PACKET_HANDSHAKE:
|
|
|
+ fastd_handshake_handle(sock, local_addr, remote_addr, NULL, buffer);
|
|
|
++ break;
|
|
|
++
|
|
|
++ default:
|
|
|
++ fastd_buffer_free(buffer);
|
|
|
++ pr_debug("received packet with invalid type from unknown address %I", remote_addr);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
Fabrice Fontaine