Babel: Make sure intervals do not overflow

Intervals are carried as 16-bit centisecond values, but kept internally
in 16-bit second values, which causes a potential for overflow. This adds
some checks to make sure this does not happen.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

diff --git a/proto/babel/babel.h b/proto/babel/babel.h
index aea0dd887169e6f38c3772bfa45a5314491ccbe4..7b5037ab9223244b70954dd41f1660a85e362eed 100644 (file)
--- a/proto/babel/babel.h
+++ b/proto/babel/babel.h
@@ -50,10 +50,12 @@
 #define BABEL_INITIAL_HOP_COUNT                255
 #define BABEL_MAX_SEND_INTERVAL                5
 #define BABEL_TIME_UNITS               100     /* On-wire times are counted in centiseconds */
-
 #define BABEL_SEQNO_REQUEST_EXPIRY     60
 #define BABEL_GARBAGE_INTERVAL         300
 
+/* Max interval that will not overflow when carried as 16-bit centiseconds */
+#define BABEL_MAX_INTERVAL             (0xFFFF/BABEL_TIME_UNITS)
+
 #define BABEL_OVERHEAD         (SIZE_OF_IP_HEADER+UDP_HEADER_LENGTH)
 #define BABEL_MIN_MTU          (512 + BABEL_OVERHEAD)
 

diff --git a/proto/babel/config.Y b/proto/babel/config.Y
index e7ce6a9385f8ee44ed3c53998b55283a01f14c65..b6170852a14fe6fcf1fbb8eff5eb8e35556c9aa4 100644 (file)
--- a/proto/babel/config.Y
+++ b/proto/babel/config.Y
@@ -77,17 +77,18 @@ babel_iface_finish:
       BABEL_IFACE->rxcost = BABEL_RXCOST_WIRED;
   }
 
+  /* Make sure we do not overflow the 16-bit centisec fields */
   if (!BABEL_IFACE->update_interval)
-    BABEL_IFACE->update_interval = BABEL_IFACE->hello_interval*BABEL_UPDATE_INTERVAL_FACTOR;
-  BABEL_IFACE->ihu_interval = BABEL_IFACE->hello_interval*BABEL_IHU_INTERVAL_FACTOR;
+    BABEL_IFACE->update_interval = MIN_(BABEL_IFACE->hello_interval*BABEL_UPDATE_INTERVAL_FACTOR, BABEL_MAX_INTERVAL);
+  BABEL_IFACE->ihu_interval = MIN_(BABEL_IFACE->hello_interval*BABEL_IHU_INTERVAL_FACTOR, BABEL_MAX_INTERVAL);
 };
 
 
 babel_iface_item:
  | PORT expr { BABEL_IFACE->port = $2; if (($2<1) || ($2>65535)) cf_error("Invalid port number"); }
  | RXCOST expr { BABEL_IFACE->rxcost = $2; if (($2<1) || ($2>65535)) cf_error("Invalid rxcost"); }
- | HELLO INTERVAL expr { BABEL_IFACE->hello_interval = $3; if (($3<1) || ($3>65535)) cf_error("Invalid hello interval"); }
- | UPDATE INTERVAL expr { BABEL_IFACE->update_interval = $3; if (($3<1) || ($3>65535)) cf_error("Invalid hello interval"); }
+ | HELLO INTERVAL expr { BABEL_IFACE->hello_interval = $3; if (($3<1) || ($3>BABEL_MAX_INTERVAL)) cf_error("Invalid hello interval"); }
+ | UPDATE INTERVAL expr { BABEL_IFACE->update_interval = $3; if (($3<1) || ($3>BABEL_MAX_INTERVAL)) cf_error("Invalid update interval"); }
  | TYPE WIRED { BABEL_IFACE->type = BABEL_IFACE_TYPE_WIRED; }
  | TYPE WIRELESS { BABEL_IFACE->type = BABEL_IFACE_TYPE_WIRELESS; }
  | RX BUFFER expr { BABEL_IFACE->rx_buffer = $3; if (($3<256) || ($3>65535)) cf_error("RX buffer must be in range 256-65535"); }