On Wed, Feb 13, 2019 at 1:10 AM Li RongQing <[email protected]> wrote:
> Assure the packet size is larger than ip total length > > Signed-off-by: Li RongQing <[email protected]> > --- > lib/conntrack.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/lib/conntrack.c b/lib/conntrack.c > index 5c43410ec..4a39327b3 100644 > --- a/lib/conntrack.c > +++ b/lib/conntrack.c > @@ -1525,6 +1525,10 @@ extract_l3_ipv4(struct conn_key *key, const void > *data, size_t size, > return false; > } > > + if (OVS_UNLIKELY(size < ntohs(ip->ip_tot_len))) { > + return false; > + } > + > l3 'size' is a derived field from ip_tot_len > if (IP_IS_FRAGMENT(ip->ip_frag_off)) { > return false; > } > -- > 2.16.2 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
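Review bot: The commit message does not match the check added in extract_l3_ipv4(): it asks for a packet size "larger than" the IP total length, while `size < ntohs(ip->ip_tot_len)` rejects only a smaller size and accepts an equal one, so "at least" is the accurate wording. The message also gives no motivation for the check. It should name the caller that can pass a `size` smaller than `ip_tot_len` and say what is read out of bounds or misparsed in that case, which is the question the inline reply raises, and a one-line comment above the new `if` stating the invariant would keep it from looking redundant to later readers.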
