From 9e2a00248edab9c6d9bfca8de24f568d0a26f3fa Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Fri, 9 Aug 2019 09:36:06 +0200 Subject: Kernel: Do some basic sanity checking on IPv4 packet headers Ignore packets that are too small, or not as large as they claim to be. --- Kernel/Net/NetworkTask.cpp | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'Kernel/Net') diff --git a/Kernel/Net/NetworkTask.cpp b/Kernel/Net/NetworkTask.cpp index 288b7df32e..7bf0e3d1ca 100644 --- a/Kernel/Net/NetworkTask.cpp +++ b/Kernel/Net/NetworkTask.cpp @@ -72,8 +72,8 @@ void NetworkTask_main() continue; } auto& packet = packet_maybe_null.value(); - if (packet.size() < (int)(sizeof(EthernetFrameHeader))) { - kprintf("NetworkTask: Packet is too small to be an Ethernet packet! (%d)\n", packet.size()); + if (packet.size() < sizeof(EthernetFrameHeader)) { + kprintf("NetworkTask: Packet is too small to be an Ethernet packet! (%zu)\n", packet.size()); continue; } auto& eth = *(const EthernetFrameHeader*)packet.data(); @@ -185,10 +185,24 @@ void handle_ipv4(const EthernetFrameHeader& eth, int frame_size) constexpr int minimum_ipv4_frame_size = sizeof(EthernetFrameHeader) + sizeof(IPv4Packet); if (frame_size < minimum_ipv4_frame_size) { kprintf("handle_ipv4: Frame too small (%d, need %d)\n", frame_size, minimum_ipv4_frame_size); + hang(); return; } auto& packet = *static_cast(eth.payload()); + if (packet.length() < sizeof(IPv4Packet)) { + kprintf("handle_ipv4: IPv4 packet too short (%u, need %u)\n", packet.length(), sizeof(IPv4Packet)); + hang(); + return; + } + + size_t actual_ipv4_packet_length = frame_size - sizeof(EthernetFrameHeader); + if (packet.length() > actual_ipv4_packet_length) { + kprintf("handle_ipv4: IPv4 packet claims to be longer than it is (%u, actually %zu)\n", packet.length(), actual_ipv4_packet_length); + hang(); + return; + } + #ifdef IPV4_DEBUG kprintf("handle_ipv4: source=%s, target=%s\n", packet.source().to_string().characters(), -- cgit v1.2.3