From: Antonio Quartulli <ordex@autistici.org>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org,
Antonio Quartulli <ordex@autistici.org>
Subject: [PATCH 09/15] batman-adv: fix wrong dhcp option list browsing
Date: Wed, 25 Apr 2012 15:27:05 +0200 [thread overview]
Message-ID: <1335360431-30027-10-git-send-email-ordex@autistici.org> (raw)
In-Reply-To: <1335360431-30027-1-git-send-email-ordex@autistici.org>
In is_type_dhcprequest(), while parsing a DHCP message, if the entry we found in
the option list is neither a padding nor the dhcp-type, we have to ignore it and
jump as many bytes as its length + 1. The "+ 1" byte is given by the subtype
field itself that has to be jumped too.
Reported-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
net/batman-adv/gateway_client.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index 6f9b9b7..47f7186 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -558,10 +558,10 @@ static bool is_type_dhcprequest(struct sk_buff *skb, int header_len)
p++;
/* ...and then we jump over the data */
- if (pkt_len < *p)
+ if (pkt_len < 1 + (*p))
goto out;
- pkt_len -= *p;
- p += (*p);
+ pkt_len -= 1 + (*p);
+ p += 1 + (*p);
}
}
out:
--
1.7.9.4
WARNING: multiple messages have this Message-ID (diff)
From: Antonio Quartulli <ordex@autistici.org>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org
Subject: [B.A.T.M.A.N.] [PATCH 09/15] batman-adv: fix wrong dhcp option list browsing
Date: Wed, 25 Apr 2012 15:27:05 +0200 [thread overview]
Message-ID: <1335360431-30027-10-git-send-email-ordex@autistici.org> (raw)
In-Reply-To: <1335360431-30027-1-git-send-email-ordex@autistici.org>
In is_type_dhcprequest(), while parsing a DHCP message, if the entry we found in
the option list is neither a padding nor the dhcp-type, we have to ignore it and
jump as many bytes as its length + 1. The "+ 1" byte is given by the subtype
field itself that has to be jumped too.
Reported-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
net/batman-adv/gateway_client.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index 6f9b9b7..47f7186 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -558,10 +558,10 @@ static bool is_type_dhcprequest(struct sk_buff *skb, int header_len)
p++;
/* ...and then we jump over the data */
- if (pkt_len < *p)
+ if (pkt_len < 1 + (*p))
goto out;
- pkt_len -= *p;
- p += (*p);
+ pkt_len -= 1 + (*p);
+ p += 1 + (*p);
}
}
out:
--
1.7.9.4
next prev parent reply other threads:[~2012-04-25 13:26 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-25 13:26 pull request: batman-adv 2012-04-25 Antonio Quartulli
2012-04-25 13:26 ` [B.A.T.M.A.N.] " Antonio Quartulli
[not found] ` <1335360431-30027-1-git-send-email-ordex-GaUfNO9RBHfsrOwW+9ziJQ@public.gmane.org>
2012-04-25 13:26 ` [PATCH 01/15] batman-adv: add UNICAST_4ADDR packet type Antonio Quartulli
2012-04-25 13:26 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:26 ` [PATCH 02/15] batman-adv: add a new log level for DAT debugging Antonio Quartulli
2012-04-25 13:26 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:26 ` [PATCH 03/15] batman-adv: add biggest_unsigned_int(x) macro Antonio Quartulli
2012-04-25 13:26 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 14:14 ` David Laight
2012-04-25 14:14 ` [B.A.T.M.A.N.] " David Laight
[not found] ` <AE90C24D6B3A694183C094C60CF0A2F6026B6EF3-CgBM+Bx2aUAnGFn1LkZF6NBPR1lH4CV8@public.gmane.org>
2012-04-25 14:57 ` David Laight
2012-04-25 14:57 ` [B.A.T.M.A.N.] " David Laight
[not found] ` <AE90C24D6B3A694183C094C60CF0A2F6026B6EF4-CgBM+Bx2aUAnGFn1LkZF6NBPR1lH4CV8@public.gmane.org>
2012-04-25 18:09 ` David Miller
2012-04-25 18:09 ` [B.A.T.M.A.N.] " David Miller
2012-04-25 20:27 ` [B.A.T.M.A.N.] Traffic Control in batman-adv gtolon
2012-04-25 20:51 ` Sven Eckelmann
2012-04-26 12:58 ` gtolon
2012-04-26 14:49 ` 3zl Trizonelabs
2012-04-26 15:26 ` Marek Lindner
2012-04-26 16:04 ` 3zl Trizonelabs
2012-04-27 18:18 ` gtolon
2012-04-27 21:20 ` Guido Iribarren
2012-04-27 22:34 ` 3zl Trizonelabs
2012-05-03 15:36 ` gtolon
[not found] ` <20120425.140904.935584797119761625.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2012-04-27 12:51 ` [PATCH 03/15] batman-adv: add biggest_unsigned_int(x) macro Antonio Quartulli
2012-04-27 12:51 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 04/15] batman-adv: Distributed ARP Table - create DHT helper functions Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 05/15] batman-adv: Distributed ARP Table - add ARP parsing functions Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 06/15] batman-adv: Distributed ARP Table - add snooping functions for ARP messages Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 07/15] batman-adv: Distributed ARP Table - increase default soft_iface ARP table timeout Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 08/15] batman-adv: Distributed ARP Table - add compile option Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` Antonio Quartulli [this message]
2012-04-25 13:27 ` [B.A.T.M.A.N.] [PATCH 09/15] batman-adv: fix wrong dhcp option list browsing Antonio Quartulli
2012-04-25 13:27 ` [PATCH 10/15] batman-adv: introduce is_single_hop_neigh variable to increase readability Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 11/15] batman-adv: introduce packet type handler array for incoming packets Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 12/15] batman-adv: register batman ogm receive function during protocol init Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 13/15] batman-adv: rename last_valid to last_seen Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 14/15] batman-adv: replace HZ calculations with jiffies_to_msecs() Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-25 13:27 ` [PATCH 15/15] batman-adv: split neigh_new function into generic and batman iv specific parts Antonio Quartulli
2012-04-25 13:27 ` [B.A.T.M.A.N.] " Antonio Quartulli
2012-04-29 8:57 pull request: batman-adv 2012-04-29 Antonio Quartulli
2012-04-29 8:57 ` [PATCH 09/15] batman-adv: fix wrong dhcp option list browsing Antonio Quartulli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1335360431-30027-10-git-send-email-ordex@autistici.org \
--to=ordex@autistici.org \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.