mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
paranoid checks for bad packets in tcp layer. Close the socket if it gets a bad packet
(This used to be ctdb commit 1277089e5c6e1036517c63ee8c8e4ff98cb76cf8)
This commit is contained in:
parent
2b86216b66
commit
9aa692669b
@ -347,26 +347,6 @@ static void ctdb_recv_pkt(struct ctdb_context *ctdb, uint8_t *data, uint32_t len
|
||||
|
||||
ctdb->status.node_packets_recv++;
|
||||
|
||||
if (length < sizeof(*hdr)) {
|
||||
ctdb_set_error(ctdb, "Bad packet length %u\n", length);
|
||||
return;
|
||||
}
|
||||
if (length != hdr->length) {
|
||||
ctdb_set_error(ctdb, "Bad header length %u expected %u\n",
|
||||
hdr->length, length);
|
||||
return;
|
||||
}
|
||||
|
||||
if (hdr->ctdb_magic != CTDB_MAGIC) {
|
||||
ctdb_set_error(ctdb, "Non CTDB packet rejected\n");
|
||||
return;
|
||||
}
|
||||
|
||||
if (hdr->ctdb_version != CTDB_VERSION) {
|
||||
ctdb_set_error(ctdb, "Bad CTDB version 0x%x rejected\n", hdr->ctdb_version);
|
||||
return;
|
||||
}
|
||||
|
||||
/* up the counter for this source node, so we know its alive */
|
||||
if (ctdb_validate_vnn(ctdb, hdr->srcnode)) {
|
||||
/* as a special case, redirected calls don't increment the rx_cnt */
|
||||
|
@ -34,38 +34,48 @@
|
||||
void ctdb_tcp_read_cb(uint8_t *data, size_t cnt, void *args)
|
||||
{
|
||||
struct ctdb_incoming *in = talloc_get_type(args, struct ctdb_incoming);
|
||||
struct ctdb_req_header *hdr;
|
||||
struct ctdb_req_header *hdr = (struct ctdb_req_header *)data;
|
||||
|
||||
if (data == NULL) {
|
||||
/* incoming socket has died */
|
||||
talloc_free(in);
|
||||
return;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (cnt < sizeof(*hdr)) {
|
||||
ctdb_set_error(in->ctdb, "Bad packet length %u\n", (unsigned)cnt);
|
||||
return;
|
||||
DEBUG(0,(__location__ " Bad packet length %u\n", (unsigned)cnt));
|
||||
goto failed;
|
||||
}
|
||||
hdr = (struct ctdb_req_header *)data;
|
||||
|
||||
if (cnt & (CTDB_TCP_ALIGNMENT-1)) {
|
||||
DEBUG(0,(__location__ " Length 0x%x not multiple of alignment\n", cnt));
|
||||
goto failed;
|
||||
}
|
||||
|
||||
|
||||
if (cnt != hdr->length) {
|
||||
ctdb_set_error(in->ctdb, "Bad header length %u expected %u\n",
|
||||
(unsigned)hdr->length, (unsigned)cnt);
|
||||
return;
|
||||
DEBUG(0,(__location__ " Bad header length %u expected %u\n",
|
||||
(unsigned)hdr->length, (unsigned)cnt));
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (hdr->ctdb_magic != CTDB_MAGIC) {
|
||||
ctdb_set_error(in->ctdb, "Non CTDB packet rejected\n");
|
||||
return;
|
||||
DEBUG(0,(__location__ " Non CTDB packet 0x%x rejected\n",
|
||||
hdr->ctdb_magic));
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (hdr->ctdb_version != CTDB_VERSION) {
|
||||
ctdb_set_error(in->ctdb, "Bad CTDB version 0x%x rejected\n", hdr->ctdb_version);
|
||||
return;
|
||||
DEBUG(0, (__location__ " Bad CTDB version 0x%x rejected\n",
|
||||
hdr->ctdb_version));
|
||||
goto failed;
|
||||
}
|
||||
|
||||
/* most common case - we got a whole packet in one go
|
||||
tell the ctdb layer above that we have a packet */
|
||||
/* tell the ctdb layer above that we have a packet */
|
||||
in->ctdb->upcalls->recv_pkt(in->ctdb, data, cnt);
|
||||
return;
|
||||
|
||||
failed:
|
||||
talloc_free(in);
|
||||
}
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user