From: Bertrand Jacquin <jacquinb@amazon.com>
Date: Wed, 13 Dec 2017 01:29:56 +0000 (+0000)
Subject: MEDIUM: netscaler: do not analyze original IP packet size
X-Git-Tag: v1.9-dev1~568
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a341a2f479745adb486b153af61958f35f5612b0;p=thirdparty%2Fhaproxy.git

MEDIUM: netscaler: do not analyze original IP packet size

Original informations about the client are stored in the CIP encapsulated
IP header, hence there is no need to consider original IP packet length
to determine if data are missing. Instead this change detect missing
data if the remaining buffer is large enough to contain a minimal IP and
TCP header and if the buffer has as much data as CIP is telling.
---

diff --git a/src/connection.c b/src/connection.c
index 8d2fb77bed..58bf4a5f85 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -763,7 +763,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
 		hdr_ip4 = (struct ip *)line;
 
-		if (trash.len < (ntohs(hdr_ip4->ip_len) + 20)) {
+		if (trash.len < 40 || trash.len < hdr_len) {
 			/* Fail if buffer length is not large enough to contain
 			 * IPv4 header, TCP header */
 			goto missing;
@@ -793,7 +793,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
 		hdr_ip6 = (struct ip6_hdr *)line;
 
-		if (trash.len < 60) {
+		if (trash.len < 60 || trash.len < hdr_len) {
 			/* Fail if buffer length is not large enough to contain
 			 * IPv6 header, TCP header */
 			goto missing;