Hi Alin,

Thanks for reviewing the patch. 
Can we get this patch applied?

Thanks,
Anand Kumar

On 3/7/18, 3:42 AM, "ovs-dev-boun...@openvswitch.org on behalf of 
aserd...@ovn.org" <ovs-dev-boun...@openvswitch.org on behalf of 
aserd...@ovn.org> wrote:

    Acked-by: Alin Gabriel Serdean <aserd...@ovn.org>
    
    Alin.
    
    -----Mesaj original-----
    De la: ovs-dev-boun...@openvswitch.org <ovs-dev-boun...@openvswitch.org> În
    numele Anand Kumar
    Trimis: Wednesday, March 7, 2018 1:48 AM
    Către: d...@openvswitch.org
    Subiect: [ovs-dev] [PATCH v2] datapath-windows: Do not drop Ip fragments
    less than MIN_FRAGMENT_SIZE
    
    Previously ipfragment module would drop any fragments less than
    MIN_FRAGMENT_SIZE (400 bytes), which was added to safeguard against the
    vulnerability CVE-2000-0305. This check is incorrect, since minimum size of
    the Ipfragment is 68 bytes (i.e. max length of Ip Header + 8 bytes of
    L4 header). So Ip fragments less than MIN_FRAGMENT_SIZE (400 bytes) is not
    guranted to be malformed or illegal.
    
    To guard against security vulnerability CVE-2000-0305, for a given ip
    datagram, ipfragments should be dropped only when number of smallest
    fragments recieved reaches a certain threshold.
    
    Signed-off-by: Anand Kumar <kumaran...@vmware.com>
    ---
     datapath-windows/ovsext/IpFragment.c | 9 +++------
     1 file changed, 3 insertions(+), 6 deletions(-)
    
    diff --git a/datapath-windows/ovsext/IpFragment.c
    b/datapath-windows/ovsext/IpFragment.c
    index 3d5277a..d59d7cf 100644
    --- a/datapath-windows/ovsext/IpFragment.c
    +++ b/datapath-windows/ovsext/IpFragment.c
    @@ -25,10 +25,10 @@
     #undef OVS_DBG_MOD
     #endif
     #define OVS_DBG_MOD OVS_DBG_IPFRAG
    -/* Based on MIN_FRAGMENT_SIZE.*/
    -#define MAX_FRAGMENTS 164
    +
     #define MIN_FRAGMENT_SIZE 400
     #define MAX_IPDATAGRAM_SIZE 65535
    +#define MAX_FRAGMENTS MAX_IPDATAGRAM_SIZE/MIN_FRAGMENT_SIZE + 1
     
     /* Function declarations */
     static KSTART_ROUTINE OvsIpFragmentEntryCleaner; @@ -275,10 +275,7 @@
    OvsProcessIpv4Fragment(POVS_SWITCH_CONTEXT switchContext,
         offset = ntohs(ipHdr->frag_off) & IP_OFFSET;
         offset <<= 3;
         flags = ntohs(ipHdr->frag_off) & IP_MF;
    -    /* Only the last fragment can be of smaller size.*/
    -    if (flags && ntohs(ipHdr->tot_len) < MIN_FRAGMENT_SIZE) {
    -        return NDIS_STATUS_INVALID_LENGTH;
    -    }
    +
         /*Copy fragment specific fields. */
         fragKey.protocol = ipHdr->protocol;
         fragKey.id = ipHdr->id;
    --
    2.9.3.windows.1
    
    _______________________________________________
    dev mailing list
    d...@openvswitch.org
    
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwIFBA&c=uilaK90D4TOVoH58JNXRgQ&r=Q5z9tBe-nAOpE7LIHSPV8uy5-437agMXvkeHHMkR8Us&m=wBaFjfmLsp_IHmGbqcnqFbiVgL9SrUg_OjOmu6mtm18&s=-RSx_6v5FgOED7n_4PPfYEIrpVkor7g5BhyBt2ygcuU&e=
    
    _______________________________________________
    dev mailing list
    d...@openvswitch.org
    
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwIFBA&c=uilaK90D4TOVoH58JNXRgQ&r=Q5z9tBe-nAOpE7LIHSPV8uy5-437agMXvkeHHMkR8Us&m=wBaFjfmLsp_IHmGbqcnqFbiVgL9SrUg_OjOmu6mtm18&s=-RSx_6v5FgOED7n_4PPfYEIrpVkor7g5BhyBt2ygcuU&e=
    

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to