trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mas...@apache.org
Subject [trafficserver] 01/02: Check the buffer size before reading a packet number
Date Sun, 15 Jul 2018 02:14:14 GMT
This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 4503964ea557ffb9e9a9b7d24a070d1abcb76ff8
Author: Masakazu Kitajo <maskit@apache.org>
AuthorDate: Sun Jul 15 11:12:25 2018 +0900

    Check the buffer size before reading a packet number
---
 iocore/net/quic/QUICPacket.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/iocore/net/quic/QUICPacket.cc b/iocore/net/quic/QUICPacket.cc
index e143181..fd9a1db 100644
--- a/iocore/net/quic/QUICPacket.cc
+++ b/iocore/net/quic/QUICPacket.cc
@@ -873,6 +873,10 @@ QUICPacket::unprotect_packet_number(uint8_t *packet, size_t packet_len,
const QU
     return false;
   }
   unprotected_pn_len = QUICTypeUtil::read_QUICPacketNumberLen(unprotected_pn);
+  if (pn_offset + unprotected_pn_len > packet_len) {
+    Debug(tag.data(), "Malformed header: pn_offset=%zu, pn_len=%d", pn_offset, unprotected_pn_len);
+    return false;
+  }
   memcpy(packet + pn_offset, unprotected_pn, unprotected_pn_len);
   return true;
 }


Mime
View raw message