more fix of memory access

wangyu- · wangyu- · commit e8daf7c263ec · 2020-07-26T19:07:17.000Z
diff --git a/client.cpp b/client.cpp
@@ -485,6 +485,11 @@ int client_on_raw_recv(conn_info_t &conn_info) //called when raw fd received a p
 		{
 			return -1;
 		}
+		if(data_len>=max_data_len+1)
+		{
+			mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+			return -1;
+		}
 		if(!recv_info.new_src_ip.equal(send_info.new_dst_ip)||recv_info.src_port!=send_info.dst_port)
 		{
 			mylog(log_debug,"unexpected adress %s %s %d %d\n",recv_info.new_src_ip.get_str1(),send_info.new_dst_ip.get_str2(),recv_info.src_port,send_info.dst_port);
diff --git a/connection.cpp b/connection.cpp
@@ -416,6 +416,13 @@ int recv_bare(raw_info_t &raw_info,char* & data,int & len)//recv function with e
 		//printf("recv_raw_fail in recv bare\n");
 		return -1;
 	}
+
+	if(len>=max_data_len+1)
+	{
+		mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",len);
+		return -1;
+	}
+
 	mylog(log_trace,"data len=%d\n",len);
 	if ((raw_mode == mode_faketcp && (recv_info.syn == 1 || recv_info.ack != 1)))
 	{
@@ -615,7 +622,7 @@ int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len
 	}
 
 
-	if(after_recv_raw0(conn_info.raw_info)!=0) return -1;
+	if(after_recv_raw0(conn_info.raw_info)!=0) return -1;  //TODO might need to move this function to somewhere else after --fix-gro is introduced
 
 	return 0;
 }
diff --git a/makefile b/makefile
@@ -19,7 +19,6 @@ PCAP="-lpcap"
 MP="-DUDP2RAW_MP"
 
 
-
 NAME=udp2raw
 
 TARGETS=amd64 arm amd64_hw_aes arm_asm_aes mips24kc_be mips24kc_be_asm_aes x86 x86_asm_aes mips24kc_le mips24kc_le_asm_aes
@@ -59,7 +58,7 @@ debug: git_version
 	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG 
 debug2: git_version
 	rm -f ${NAME}
-	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb
+	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb -fsanitize=address
 
 #targets only for 'make release'
 
diff --git a/network.cpp b/network.cpp
@@ -1441,7 +1441,7 @@ int pre_recv_raw_packet()
 		}
 	}
 
-    if(g_packet_buf_len> max_data_len+1)
+    if(g_packet_buf_len>= max_data_len+1)
     {
         if(g_fix_gro==0)
         {
diff --git a/pcap_wrapper.h b/pcap_wrapper.h
@@ -9,12 +9,12 @@
 
 struct bpf_program
 {
- char a[2000];
+ char a[4096];
 };
 
 struct pcap_t
 {
- char a[2000];
+ char a[4096];
 };
 
 typedef unsigned int bpf_u_int32;
diff --git a/server.cpp b/server.cpp
@@ -460,6 +460,11 @@ int server_on_raw_recv_multi() //called when server received an raw packet
 			{
 				return 0;
 			}
+			if(data_len>=max_data_len+1)
+			{
+				mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+				return -1;
+			}
 			if(use_tcp_dummy_socket!=0)
 				return 0;
 			raw_info_t &raw_info=tmp_raw_info;

Original file line number	Diff line number	Diff line change
`@@ -485,6 +485,11 @@ int client_on_raw_recv(conn_info_t &conn_info) //called when raw fd received a p`
`485`	`485`	`{`
`486`	`486`	`return -1;`
`487`	`487`	`}`
	`488`	`+ if(data_len>=max_data_len+1)`
	`489`	`+ {`
	`490`	`+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);`
	`491`	`+ return -1;`
	`492`	`+ }`
`488`	`493`	`if(!recv_info.new_src_ip.equal(send_info.new_dst_ip)\|\|recv_info.src_port!=send_info.dst_port)`
`489`	`494`	`{`
`490`	`495`	`mylog(log_debug,"unexpected adress %s %s %d %d\n",recv_info.new_src_ip.get_str1(),send_info.new_dst_ip.get_str2(),recv_info.src_port,send_info.dst_port);`
Original file line number	Diff line number	Diff line change
`@@ -416,6 +416,13 @@ int recv_bare(raw_info_t &raw_info,char* & data,int & len)//recv function with e`
`416`	`416`	`//printf("recv_raw_fail in recv bare\n");`
`417`	`417`	`return -1;`
`418`	`418`	`}`
	`419`	`+`
	`420`	`+ if(len>=max_data_len+1)`
	`421`	`+ {`
	`422`	`+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",len);`
	`423`	`+ return -1;`
	`424`	`+ }`
	`425`	`+`
`419`	`426`	`mylog(log_trace,"data len=%d\n",len);`
`420`	`427`	`if ((raw_mode == mode_faketcp && (recv_info.syn == 1 \|\| recv_info.ack != 1)))`
`421`	`428`	`{`
`@@ -615,7 +622,7 @@ int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len`
`615`	`622`	`}`
`616`	`623`
`617`	`624`
`618`		`- if(after_recv_raw0(conn_info.raw_info)!=0) return -1;`
	`625`	`+ if(after_recv_raw0(conn_info.raw_info)!=0) return -1; //TODO might need to move this function to somewhere else after --fix-gro is introduced`
`619`	`626`
`620`	`627`	`return 0;`
`621`	`628`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1441,7 +1441,7 @@ int pre_recv_raw_packet()`
`1441`	`1441`	`}`
`1442`	`1442`	`}`
`1443`	`1443`
`1444`		`- if(g_packet_buf_len> max_data_len+1)`
	`1444`	`+ if(g_packet_buf_len>= max_data_len+1)`
`1445`	`1445`	`{`
`1446`	`1446`	`if(g_fix_gro==0)`
`1447`	`1447`	`{`
Original file line number	Diff line number	Diff line change
`@@ -9,12 +9,12 @@`
`9`	`9`
`10`	`10`	`struct bpf_program`
`11`	`11`	`{`
`12`		`- char a[2000];`
	`12`	`+ char a[4096];`
`13`	`13`	`};`
`14`	`14`
`15`	`15`	`struct pcap_t`
`16`	`16`	`{`
`17`		`- char a[2000];`
	`17`	`+ char a[4096];`
`18`	`18`	`};`
`19`	`19`
`20`	`20`	`typedef unsigned int bpf_u_int32;`
Original file line number	Diff line number	Diff line change
`@@ -460,6 +460,11 @@ int server_on_raw_recv_multi() //called when server received an raw packet`
`460`	`460`	`{`
`461`	`461`	`return 0;`
`462`	`462`	`}`
	`463`	`+ if(data_len>=max_data_len+1)`
	`464`	`+ {`
	`465`	`+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);`
	`466`	`+ return -1;`
	`467`	`+ }`
`463`	`468`	`if(use_tcp_dummy_socket!=0)`
`464`	`469`	`return 0;`
`465`	`470`	`raw_info_t &raw_info=tmp_raw_info;`