From: Bertrand Jacquin <jacquinb@amazon.com>
Date: Wed, 13 Dec 2017 01:15:05 +0000 (+0000)
Subject: MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header
X-Git-Tag: v1.9-dev1~569
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=67de5a295c9f4693f0c65d69fed67a3618bee6dd;p=thirdparty%2Fhaproxy.git

MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header

There is minimal gain in checking first the IP header length and then
the TCP header length since we always want to capture information about
both protocols.

IPv4 length calculation was incorrect since IPv4 ip_len actually defines
the total length of IPv4 header and following data.
---

diff --git a/src/connection.c b/src/connection.c
index e716e80467..8d2fb77bed 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -763,9 +763,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
 		hdr_ip4 = (struct ip *)line;
 
-		if (trash.len < ntohs(hdr_ip4->ip_len)) {
+		if (trash.len < (ntohs(hdr_ip4->ip_len) + 20)) {
 			/* Fail if buffer length is not large enough to contain
-			 * IPv4 header */
+			 * IPv4 header, TCP header */
 			goto missing;
 		}
 		else if (hdr_ip4->ip_p != IPPROTO_TCP) {
@@ -773,11 +773,6 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 			conn->err_code = CO_ER_CIP_BAD_PROTO;
 			goto fail;
 		}
-		else if (trash.len < (20 + ntohs(hdr_ip4->ip_len))) {
-			/* Fail if buffer length is not large enough to contain
-			 * IPv4 header, TCP header */
-			goto missing;
-		}
 
 		hdr_tcp = (struct my_tcphdr *)(line + (hdr_ip4->ip_hl * 4));
 
@@ -798,9 +793,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
 		hdr_ip6 = (struct ip6_hdr *)line;
 
-		if (trash.len < 40) {
+		if (trash.len < 60) {
 			/* Fail if buffer length is not large enough to contain
-			 * IPv6 header */
+			 * IPv6 header, TCP header */
 			goto missing;
 		}
 		else if (hdr_ip6->ip6_nxt != IPPROTO_TCP) {
@@ -808,11 +803,6 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 			conn->err_code = CO_ER_CIP_BAD_PROTO;
 			goto fail;
 		}
-		else if (trash.len < 60) {
-			/* Fail if buffer length is not large enough to contain
-			 * IPv6 header, TCP header */
-			goto missing;
-		}
 
 		hdr_tcp = (struct my_tcphdr *)(line + sizeof(struct ip6_hdr));