mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-03-06 00:58:15 +03:00

fix #2178: endless loop on ipv6 extension headers

increment header and decrement payload size by the extension's size. the
length calculation is different for some extensions. in our case only
IPPROTO_FRAGMENT requires a different size calculation than the rest. in
addition 'proto' is now set in the loop when advancing from an
extension header. it moves on to the next extension or protocol now
instead of looping on the same 'proto' while advancing the payload.

Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
Mira Limbeck 2019-04-17 16:44:16 +02:00 committed by Wolfgang Bumiller
parent 2f46ee4f78
commit 98bd53b6dc


@ -575,6 +575,7 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
return 0;
struct ip6_ext *exthdr = (struct ip6_ext*)hdr;
int ext_len = 0;
switch (proto) {
/* protocols (these return) */
@ -601,6 +602,7 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
return -1;
if (print_fragment(le, (struct ip6_frag*)hdr, payload_len) < 0)
return -1;
ext_len = sizeof(struct ip6_frag);
break;
case IPPROTO_HOPOPTS:
LEPRINTF("NEXTHDR=HOPOPTS ");
@ -628,8 +630,12 @@ print_nexthdr(struct log_entry *le, char *hdr, int payload_len, u_int8_t proto)
/* next header: */
if (check_ip6ext(le, exthdr, payload_len) < 0)
return -1;
hdr += exthdr->ip6e_len;
payload_len -= exthdr->ip6e_len;
if(ext_len == 0) {
ext_len = (exthdr->ip6e_len+1) * 8;
}
hdr += ext_len;
payload_len -= ext_len;
proto = exthdr->ip6e_nxt;
}
}
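Review bot: The advance `hdr += ext_len` in the last hunk is not bounded by the remaining payload in any visible line. `check_ip6ext()` runs before `ext_len` is computed and its body is not shown, so unless it already compares `payload_len` with `(ip6e_len+1) * 8`, a header that claims more bytes than remain moves `hdr` past the captured packet and drives `payload_len` negative. I would add `if (ext_len > payload_len) return -1;` immediately before `hdr += ext_len;`. The `(ip6e_len+1) * 8` rule fits hop-by-hop, routing and destination options, but an AH header counts its length in 4-octet units, so if AH can reach this path (the switch is only partly shown) it needs its own `ext_len` assignment like the fragment case. The body of print_nexthdr starts outside these hunks, so the loop-top guard on `payload_len` could not be checked here.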