rp->recursion_level = p->recursion_level;
int fragmentable_offset = 0;
- int fragmentable_len = 0;
- int hlen = 0;
+ uint16_t fragmentable_len = 0;
+ uint16_t hlen = 0;
int ip_hdr_offset = 0;
RB_FOREACH(frag, IP_FRAGMENTS, &tracker->fragment_tree) {
else {
int pkt_end = fragmentable_offset + frag->offset + frag->data_len;
if (pkt_end > (int)MAX_PAYLOAD_SIZE) {
- SCLogWarning(SC_ERR_REASSEMBLY, "Failed re-assemble "
- "fragmented packet, exceeds size of packet buffer.");
+ SCLogDebug("Failed re-assemble "
+ "fragmented packet, exceeds size of packet buffer.");
goto error_remove_tracker;
}
if (PacketCopyDataOffset(rp,
frag->data_len - frag->ltrim) == -1) {
goto error_remove_tracker;
}
+ if (frag->offset > UINT16_MAX - frag->data_len) {
+ SCLogDebug("Failed re-assemble "
+ "fragmentable_len exceeds UINT16_MAX");
+ goto error_remove_tracker;
+ }
if (frag->offset + frag->data_len > fragmentable_len)
fragmentable_len = frag->offset + frag->data_len;
}
}
}
- SCLogDebug("ip_hdr_offset %u, hlen %u, fragmentable_len %u",
- ip_hdr_offset, hlen, fragmentable_len);
+ SCLogDebug("ip_hdr_offset %u, hlen %" PRIu16 ", fragmentable_len %" PRIu16, ip_hdr_offset, hlen,
+ fragmentable_len);
rp->ip4h = (IPV4Hdr *)(GET_PKT_DATA(rp) + ip_hdr_offset);
uint16_t old = rp->ip4h->ip_len + rp->ip4h->ip_off;
+ DEBUG_VALIDATE_BUG_ON(hlen > UINT16_MAX - fragmentable_len);
rp->ip4h->ip_len = htons(fragmentable_len + hlen);
rp->ip4h->ip_off = 0;
rp->ip4h->ip_csum = FixChecksum(rp->ip4h->ip_csum,
}
PKT_SET_SRC(rp, PKT_SRC_DEFRAG);
- int unfragmentable_len = 0;
+ uint16_t unfragmentable_len = 0;
int fragmentable_offset = 0;
- int fragmentable_len = 0;
+ uint16_t fragmentable_len = 0;
int ip_hdr_offset = 0;
uint8_t next_hdr = 0;
RB_FOREACH(frag, IP_FRAGMENTS, &tracker->fragment_tree) {
/* unfragmentable part is the part between the ipv6 header
* and the frag header. */
- unfragmentable_len = (fragmentable_offset - ip_hdr_offset) - IPV6_HEADER_LEN;
+ DEBUG_VALIDATE_BUG_ON(fragmentable_offset < ip_hdr_offset + IPV6_HEADER_LEN);
+ DEBUG_VALIDATE_BUG_ON(
+ fragmentable_offset - ip_hdr_offset - IPV6_HEADER_LEN > UINT16_MAX);
+ unfragmentable_len = (uint16_t)(fragmentable_offset - ip_hdr_offset - IPV6_HEADER_LEN);
if (unfragmentable_len >= fragmentable_offset)
goto error_remove_tracker;
}
}
rp->ip6h = (IPV6Hdr *)(GET_PKT_DATA(rp) + ip_hdr_offset);
+ DEBUG_VALIDATE_BUG_ON(unfragmentable_len > UINT16_MAX - fragmentable_len);
rp->ip6h->s_ip6_plen = htons(fragmentable_len + unfragmentable_len);
/* if we have no unfragmentable part, so no ext hdrs before the frag
* header, we need to update the ipv6 headers next header field. This
(ppd->tp_status & TP_STATUS_VLAN_VALID || ppd->hv1.tp_vlan_tci)) {
p->vlan_id[0] = ppd->hv1.tp_vlan_tci & 0x0fff;
p->vlan_idx = 1;
- p->afp_v.vlan_tci = ppd->hv1.tp_vlan_tci;
+ p->afp_v.vlan_tci = (uint16_t)ppd->hv1.tp_vlan_tci;
}
(void)PacketSetData(p, (unsigned char *)ppd + ppd->tp_mac, ppd->tp_snaplen);
}
}
-static void AFPSwitchState(AFPThreadVars *ptv, int state)
+static void AFPSwitchState(AFPThreadVars *ptv, uint8_t state)
{
ptv->afp_state = state;
ptv->down_count = 0;
return TM_ECODE_FAILED;
}
- fcode.len = filter.bf_len;
+ if (filter.bf_len > USHRT_MAX) {
+ return TM_ECODE_FAILED;
+ }
+ fcode.len = (unsigned short)filter.bf_len;
fcode.filter = (struct sock_filter*)filter.bf_insns;
rc = setsockopt(ptv->socket, SOL_SOCKET, SO_ATTACH_FILTER, &fcode, sizeof(fcode));
projects / thirdparty / suricata.git / commitdiff
