MINOR: quic: Avoid cc priv buffer overflow.

Add two initcall callback with BUG_ON_HOT() to newro and cubic modules to
ensure there is no buffer overflow when accessing the private data of
these congestion control algorithm state structures. This is to ensure
that further modifications about these data structures will not
lead to surprises. At this time there is no possible buffer overflow.

diff --git a/src/quic_cc_cubic.c b/src/quic_cc_cubic.c
index 4bd1a7ce422df2f48613f891d468f8a6ffd406b4..51d11b11c2cac244257422a68594b6ce29c57109 100644 (file)
--- a/src/quic_cc_cubic.c
+++ b/src/quic_cc_cubic.c
@@ -640,3 +640,11 @@ struct quic_cc_algo quic_cc_algo_cubic = {
        .hystart_start_round = quic_cc_cubic_hystart_start_round,
        .state_trace = quic_cc_cubic_state_trace,
 };
+
+void quic_cc_cubic_check(void)
+{
+       struct quic_cc *cc;
+       BUG_ON_HOT(sizeof(struct cubic) > sizeof(cc->priv));
+}
+
+INITCALL0(STG_REGISTER, quic_cc_cubic_check);

diff --git a/src/quic_cc_newreno.c b/src/quic_cc_newreno.c
index ca298776c43d93ba3cab33fa32e83a73f0decc21..4d035b551132f33ca8a4c8bdcf732ea036e4bb4f 100644 (file)
--- a/src/quic_cc_newreno.c
+++ b/src/quic_cc_newreno.c
@@ -223,3 +223,10 @@ struct quic_cc_algo quic_cc_algo_nr = {
        .state_trace = quic_cc_nr_state_trace,
 };
 
+void quic_cc_nr_check(void)
+{
+       struct quic_cc *cc;
+       BUG_ON_HOT(sizeof(struct nr) > sizeof(cc->priv));
+}
+
+INITCALL0(STG_REGISTER, quic_cc_nr_check);