[v4_1_esv] Corrected error in UDP bad packet logging

    Merges in rt36897, minus the counter reset after every five packets.
    This eliminates the divide-by-zero issue but does not alter the outward
    behavior.

diff --git a/RELNOTES b/RELNOTES
index 8a286d3b39087f01e6c813d0662766bc594fb5bc..8b44c69b73880934bd54fcca461725ddfb6a9b20 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -59,6 +59,9 @@ by Eric Young (eay@cryptsoft.com).
 
                        Changes since 4.1.-ESV
 
+- Corrected rate limiting checks for bad packet logging.
+  [ISC-Bugs #36897]
+
 - Addressed Coverity issues reported as of 07-31-2014:
   [ISC-Bugs #36712] Corrects Coverity reported "high" impact issues
   [ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues

diff --git a/common/packet.c b/common/packet.c
index 45e96e82c382e348915e565aa04dee417a8af79b..0f105276409b05154963dc916e354292b858e6f9 100644 (file)
--- a/common/packet.c
+++ b/common/packet.c
@@ -3,7 +3,7 @@
    Packet assembly code, originally contributed by Archie Cobbs. */
 
 /*
- * Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 2004,2005,2007 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1996-2003 by Internet Software Consortium
  *
@@ -234,12 +234,12 @@ decode_udp_ip_header(struct interface_info *interface,
   unsigned char *upp, *endbuf;
   u_int32_t ip_len, ulen, pkt_len;
   u_int32_t sum, usum;
-  static int ip_packets_seen;
-  static int ip_packets_bad_checksum;
-  static int udp_packets_seen;
-  static int udp_packets_bad_checksum;
-  static int udp_packets_length_checked;
-  static int udp_packets_length_overflow;
+  static unsigned int ip_packets_seen = 0;
+  static unsigned int ip_packets_bad_checksum = 0;
+  static unsigned int udp_packets_seen = 0;
+  static unsigned int udp_packets_bad_checksum = 0;
+  static unsigned int udp_packets_length_checked = 0;
+  static unsigned int udp_packets_length_overflow = 0;
   unsigned len;
 
   /* Designate the end of the input buffer for bounds checks. */
@@ -287,10 +287,10 @@ decode_udp_ip_header(struct interface_info *interface,
   udp_packets_length_checked++;
   if ((upp + ulen) > endbuf) {
        udp_packets_length_overflow++;
-       if ((udp_packets_length_checked > 4) &&
-           ((udp_packets_length_checked /
-             udp_packets_length_overflow) < 2)) {
-               log_info("%d udp packets in %d too long - dropped",
+       if (((udp_packets_length_checked > 4) &&
+            (udp_packets_length_overflow != 0)) &&
+           ((udp_packets_length_checked / udp_packets_length_overflow) < 2)) {
+               log_info("%u udp packets in %u too long - dropped",
                         udp_packets_length_overflow,
                         udp_packets_length_checked);
                udp_packets_length_overflow = 0;
@@ -299,16 +299,13 @@ decode_udp_ip_header(struct interface_info *interface,
        return -1;
   }
 
-  if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf))
-       return -1;
-
   /* Check the IP header checksum - it should be zero. */
-  ++ip_packets_seen;
+  ip_packets_seen++;
   if (wrapsum (checksum (buf + bufix, ip_len, 0))) {
          ++ip_packets_bad_checksum;
-         if (ip_packets_seen > 4 &&
-             (ip_packets_seen / ip_packets_bad_checksum) < 2) {
-                 log_info ("%d bad IP checksums seen in %d packets",
+         if (((ip_packets_seen > 4) && (ip_packets_bad_checksum != 0)) &&
+             ((ip_packets_seen / ip_packets_bad_checksum) < 2)) {
+                 log_info ("%u bad IP checksums seen in %u packets",
                            ip_packets_bad_checksum, ip_packets_seen);
                  ip_packets_seen = ip_packets_bad_checksum = 0;
          }
@@ -339,9 +336,9 @@ decode_udp_ip_header(struct interface_info *interface,
   udp_packets_seen++;
   if (usum && usum != sum) {
          udp_packets_bad_checksum++;
-         if (udp_packets_seen > 4 &&
-             (udp_packets_seen / udp_packets_bad_checksum) < 2) {
-                 log_info ("%d bad udp checksums in %d packets",
+         if (((udp_packets_seen > 4) && (udp_packets_bad_checksum != 0)) &&
+             ((udp_packets_seen / udp_packets_bad_checksum) < 2)) {
+                 log_info ("%u bad udp checksums in %u packets",
                            udp_packets_bad_checksum, udp_packets_seen);
                  udp_packets_seen = udp_packets_bad_checksum = 0;
          }