5
0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-11-25 23:01:38 +00:00

Merge pull request #636 from cathugger/develop

util: fix possible OOB in IPv4 flowkey calc, use switch there
This commit is contained in:
Neil Alexander 2020-01-07 22:38:31 +00:00 committed by GitHub
commit ef4d5553b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -103,11 +103,11 @@ func GetFlowKey(bs []byte) uint64 {
// Get the IP protocol version from the packet // Get the IP protocol version from the packet
switch bs[0] & 0xf0 { switch bs[0] & 0xf0 {
case 0x40: // IPv4 packet case 0x40: // IPv4 packet
// Check the packet meets minimum UDP packet length ihl := (bs[0] & 0x0f) * 4 // whole IPv4 header length (min 20)
if len(bs) >= 24 { // 8 is minimum UDP packet length
// Is the protocol TCP, UDP or SCTP? if ihl >= 20 && len(bs)-int(ihl) >= 8 {
if bs[9] == 0x06 || bs[9] == 0x11 || bs[9] == 0x84 { switch bs[9] /* protocol */ {
ihl := bs[0] & 0x0f * 4 // Header length case 0x06 /* TCP */, 0x11 /* UDP */, 0x84 /* SCTP */ :
flowkey = uint64(bs[9])<<32 /* proto */ | flowkey = uint64(bs[9])<<32 /* proto */ |
uint64(bs[ihl+0])<<24 | uint64(bs[ihl+1])<<16 /* sport */ | uint64(bs[ihl+0])<<24 | uint64(bs[ihl+1])<<16 /* sport */ |
uint64(bs[ihl+2])<<8 | uint64(bs[ihl+3]) /* dport */ uint64(bs[ihl+2])<<8 | uint64(bs[ihl+3]) /* dport */
@ -119,8 +119,8 @@ func GetFlowKey(bs []byte) uint64 {
// If the flowlabel isn't present, make protokey from proto | sport | dport // If the flowlabel isn't present, make protokey from proto | sport | dport
// if the packet meets minimum UDP packet length // if the packet meets minimum UDP packet length
if flowkey == 0 && len(bs) >= 48 { if flowkey == 0 && len(bs) >= 48 {
// Is the protocol TCP, UDP or SCTP? switch bs[9] /* protocol */ {
if bs[6] == 0x06 || bs[6] == 0x11 || bs[6] == 0x84 { case 0x06 /* TCP */, 0x11 /* UDP */, 0x84 /* SCTP */ :
flowkey = uint64(bs[6])<<32 /* proto */ | flowkey = uint64(bs[6])<<32 /* proto */ |
uint64(bs[40])<<24 | uint64(bs[41])<<16 /* sport */ | uint64(bs[40])<<24 | uint64(bs[41])<<16 /* sport */ |
uint64(bs[42])<<8 | uint64(bs[43]) /* dport */ uint64(bs[42])<<8 | uint64(bs[43]) /* dport */